Just a quick question. I have two ASAs with a site-to-site VPN tunnel built between them. One is at the Headquarters
site and the other is a remote site. At the remote site, I have the following IPs as local hosts:
These workstations are attempting to access the following destination networks
In my interesting traffic on the remote end, I've set it to use
IP 192.168.1.0 255.255.255.0 -----> 10.1.0.0 255.255.0.0
On the Central HQ side, my interesting traffic looks like
IP 10.1.0.0 255.255.0.0 --------> 192.168.1.0 255.255.255.0
So now I'm encrypting IP traffic between 10.1.0.0/16 and 192.168.1.0/24, and this part works fine. But now I want to put an ACL on
the tunnel to ONLY allow the 3 hosts on 192.168.1.x on certain ports to the 3 subnets. Is this done by group policy for a LAN-to-LAN tunnel? If I apply a group policy and set an IPv4 Filter, will this accomplish what I'm shooting for?
I'm doing this on the ASDM, so keep that in mind when trying to explain to me how to fix it.
Thanks in advance,
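An added worked example (not from this thread or from Cisco's own posts) of what the group policy "IPv4 Filter" field in ASDM maps to on the ASA CLI: a `vpn-filter` ACL attached to the group policy of the LAN-to-LAN tunnel group on the HQ ASA. The three remote hosts (192.168.1.10-12), the three HQ subnets (10.1.10.0/24, 10.1.20.0/24, 10.1.30.0/24), the ports (TCP 443 and 445) and the peer address are placeholders, since the thread does not list them.

```cisco
! HQ ASA. A vpn-filter ACL is always written from the REMOTE side's
! point of view: source = peer's hosts, destination = local networks.
! The ASA also applies it to the reverse direction automatically, so
! one line per host/subnet/port pair covers both directions.
access-list L2L-VPN-FILTER extended permit tcp host 192.168.1.10 10.1.10.0 255.255.255.0 eq 443
access-list L2L-VPN-FILTER extended permit tcp host 192.168.1.10 10.1.20.0 255.255.255.0 eq 445
access-list L2L-VPN-FILTER extended permit tcp host 192.168.1.11 10.1.20.0 255.255.255.0 eq 443
access-list L2L-VPN-FILTER extended permit tcp host 192.168.1.12 10.1.30.0 255.255.255.0 eq 443
! implicit deny at the end drops everything else that arrives through the tunnel
!
! Group policy carrying the filter (ASDM: Group Policies > IPv4 Filter).
group-policy L2L-FILTERED-GP internal
group-policy L2L-FILTERED-GP attributes
 vpn-filter value L2L-VPN-FILTER
!
! Bind the group policy to the L2L tunnel group (tunnel group is named by peer IP).
tunnel-group 203.0.113.1 general-attributes
 default-group-policy L2L-FILTERED-GP
```

The crypto ACL (10.1.0.0/16 to 192.168.1.0/24) stays as it is; it only decides what gets encrypted. The filter is needed because, with the default `sysopt connection permit-vpn`, decrypted tunnel traffic bypasses the interface ACLs, so an ACL on the outside interface would not restrict it. If you prefer to keep the interface ACL as the single point of control, `no sysopt connection permit-vpn` makes tunnel traffic subject to the inbound interface ACL instead, which is another way to get the same restriction. After applying, `show vpn-sessiondb detail l2l` shows the filter name on the session, and `show access-list L2L-VPN-FILTER` shows hit counts per line so you can confirm that only the intended host/port pairs are passing.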
That's Fantastic!!! Should have posted that earlier as I think I could have saved myself some time and grief. Thanks a ton. That's EXACTLY what I was looking for!!!
Good to hear. As a side note, I usually deploy a second firewall that I use to filter instead of on the ASA w/VPN. Much easier to manage.
Yup. On the second firewall I use one interface for filtering VPN and others as inside, outside, and other DMZ's. It's usually the "main" firewall that does the filtering. I then use another ASA for VPN only.