02-05-2018 04:54 AM - edited 03-12-2019 04:59 AM
I want to set up a site-to-site IPSEC VPN between 2 locations, where I am the administrator for Site A's Cisco ASA firewalls and Site B is a 3rd party company:
Site A: 10.10.10.0/24
Site B: 192.168.20.0/24
From Site A's Cisco ASA firewall, I want to be able to block anything inbound from Site B (that hasn't been initiated from Site A) and I want to allow ALL outbound traffic from Site A to Site B (and leave it to Site B to decide if there is any specific traffic they want to block).
How can I achieve this with a VPN filter at Site A?
(Note: using "no sysopt connection permit-vpn" and interface ACLs isn't an option due to the large number of VPNs already in use, so I'd like to be able to do this using VPN filters.)
Thanks.
02-05-2018 06:27 AM
02-05-2018 07:00 AM
Hi Rahul,
Thanks - that's what I thought. Will have to have a re-think about how we achieve this then!
02-06-2018 11:17 AM
02-12-2018 09:56 AM
02-13-2018 06:15 AM
@Rahul Govindan Thanks very much - makes sense.