09-05-2013 06:05 PM - edited 03-11-2019 07:34 PM
Hello Experts,
I need some assistance to provide limited access from remote to local machines over an STS tunnel. The STS tunnel is established between two sites, and I want the remote machines to be able to access only a few machines on specific ports.
Let's say 192.168.0.0/24 is the subnet of the local site and 192.168.10.0/24 is the subnet of the remote location, and now I want only port tcp/9001 to be allowed from remote to local machines and only port tcp/8001 to be allowed from local to remote machines.
For this, I have allowed the traffic in the crypto map access lists and exempted the network from source to destination on the inside interface, and it's working correctly. But if somebody allows the IP protocol in the crypto access list at the remote firewall, then the remote machines would have complete access to the local machines, which I want to restrict, and I need your assistance on this.
Thanks.
09-05-2013 08:08 PM
Hi Ray,
The best way to restrict the traffic across the VPN is to configure vpn-filters.
You can get more information regarding vpn-filters from the following link:
Please let me know if it helps.
Regards,
Naresh
09-05-2013 08:21 PM
Hi Ray,
Naresh is absolutely right.
The best way to restrict the access on the basis of port is a VPN filter.
Please go through the link that Naresh has provided, and if you have any question please feel free to contact us.
Thanks
Jeet
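The vpn-filter both replies recommend, worked through for the subnets and ports in the question. This is an added example, not configuration from any of the posters: the ACL name VPN-FILTER-REMOTE, the group-policy name GP-REMOTE-SITE and the peer address 203.0.113.1 (an RFC 5737 documentation address) are placeholders. The point the example shows is the one the original poster cares about: the filter is enforced on the local ASA after decryption, so it holds even if the remote administrator widens the crypto ACL to `ip`.

```cisco
! Added example (not from the original posts). Assumed names: VPN-FILTER-REMOTE,
! GP-REMOTE-SITE, peer 203.0.113.1 (placeholder).
!
! vpn-filter ACLs are always written with the REMOTE network as source and the
! LOCAL network as destination, and the ASA applies them to both directions of
! the tunnel. For connections the LOCAL side initiates, the remote network is
! still the source in the ACE, so the port moves to the source-port position.

! Remote -> local: remote hosts may reach local hosts on tcp/9001 only
access-list VPN-FILTER-REMOTE extended permit tcp 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 9001

! Local -> remote: local hosts may reach remote hosts on tcp/8001 only
! ("eq 8001" sits after the remote/source network because the ASA matches the
! return direction of a locally initiated connection against this ACE)
access-list VPN-FILTER-REMOTE extended permit tcp 192.168.10.0 255.255.255.0 eq 8001 192.168.0.0 255.255.255.0

! Everything else over the tunnel hits the implicit deny at the end of the ACL,
! regardless of what the crypto map ACL on either side permits.

group-policy GP-REMOTE-SITE internal
group-policy GP-REMOTE-SITE attributes
 vpn-filter value VPN-FILTER-REMOTE

tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 general-attributes
 default-group-policy GP-REMOTE-SITE
```

Two checks are worth doing after applying it: `show vpn-sessiondb l2l` confirms the group policy (and therefore the filter) is bound to the active tunnel, and `show access-list VPN-FILTER-REMOTE` shows hit counts climbing on the permit lines while denied attempts surface in the syslog. Note that with the default `sysopt connection permit-vpn` the decrypted traffic bypasses the interface ACLs, which is why the interface ACL alone does not protect against the scenario in the question and the vpn-filter is the control that does.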