Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
2
Replies

Apply blocl in VPN L2L IPsec

Alex Ribas
Level 1
Level 1

‎09-26-2022 06:35 AM

Hi all

Hi have on IPsec tunnel with customer.

My Network 10.29.0.0/16

Customer 10.16.0.0/16

access-list 112 line 1 extended permit ip 10.29.0.0 255.255.0.0 10.16.0.0 255.255.0.0
 
The ACL 112  I user to crypto in Tunnel.
 
VPN it's working bidireccional.
But I need block the customer access my Network like TCP ping etc.
Example.
NET: 10.16.0.0 255.255.0.0  cannot PING or TCP in port 22 etc.

How can I do this?
Any clue?
Thank you
Alex
 
Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-26-2022 06:39 AM

@Alex Ribas what device is this, a router or ASA?

If router, apply an interface ACL, explictly deny the traffic you want to deny then permit the rest.

If ASA, you can apply a VPN filter to the specific VPN tunnel.

0 Helpful

MHM Cisco World
VIP
VIP

‎09-26-2022 06:57 AM

if ASA 
https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

if Router
set ip access-group {access-list-number | access-list-name} {in | out}

0 Helpful
Customers Also Viewed These Support Documents