Access Rules on ASA 5520 For Site to Site VPN

Hi,

I will be setting up a site to site vpn between our two branch offices using ASA 5520 (VPN Gateway) at both locations.

Both of my ASAs' outside interfaces are configured with a static public IP address, which I will be using for the VPN peer identity.

What kind of access rules do I need to configure on the ASA, apart from allowing the interesting traffic in the source and destination fields?

Do I need to add rules for UDP port 500 or ESP traffic, if any?

Kindly help with this.

Regards.

1 Reply

nspasov
Cisco Employee

You don't need to permit anything else besides the interesting traffic that is to be encrypted, unless:

- The ASA terminating the tunnel is sitting behind another ASA/FW/Router. If that is the case, then you will need to create some "permit" entries on that device.

- You have an ACL attached on the "outside" that is only allowing the "outside" IP to communicate with a specific list of other public IPs.

I hope this helps!


Thank you for rating helpful posts!
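As an added illustration of the reply above (not configuration from the thread or from Cisco), here is an ASA-style fragment showing the interesting-traffic ACL that the terminating ASA needs, and the extra permits that only the first exception (an ASA/FW/Router in front of the terminating ASA) requires. All names, subnets and public addresses are constructed for the example.

```cisco
! --- On the ASA that terminates the tunnel (site A, outside IP 198.51.100.2) ---
! The only access rule the tunnel itself needs is the "interesting traffic" ACL
! that the crypto map matches. No entry for UDP/500 or ESP is added here: the ASA
! accepts IKE and ESP addressed to its own crypto-map-enabled interface without one.
! Subnets below are constructed: site A LAN 192.168.10.0/24, site B LAN 192.168.20.0/24.
access-list L2L-SITEB extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

crypto map OUTSIDE-MAP 10 match address L2L-SITEB
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP interface outside

! --- Only for exception 1: a firewall/router placed in front of the terminating ASA ---
! That device does not terminate the tunnel, so it sees plain IKE (UDP/500) and ESP
! between the two peers and must pass them explicitly. Shown as an ASA-style ACL
! applied inbound on its outside interface; peer B outside IP 203.0.113.2 is constructed.
access-list OUTSIDE-IN extended permit udp host 203.0.113.2 host 198.51.100.2 eq isakmp
access-list OUTSIDE-IN extended permit esp host 203.0.113.2 host 198.51.100.2
access-group OUTSIDE-IN in interface outside
```

The ACL names and sequence number are placeholders; the interesting-traffic ACL on site B mirrors this one with the source and destination subnets swapped.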
