I want to set up a site-to-site IPsec VPN between 2 locations, where I am the administrator for Site A's Cisco ASA firewalls and Site B is a third-party company:
Site A: 10.10.10.0/24
Site B: 192.168.20.0/24
From Site A's Cisco ASA firewall, I want to be able to block anything inbound from Site B (that hasn't been initiated from Site A), and I want to allow ALL outbound traffic from Site A to Site B (and leave it to Site B to decide if there is any specific traffic they want to block).
How can I achieve this with a VPN filter at Site A?
(Note: using "no sysopt connection permit-vpn" and interface ACLs isn't an option due to the large number of VPNs already in use, so I'd like to be able to do this using VPN filters.)
Thanks - that's what I thought. Will have to have a re-think about how we achieve this then!