Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
0
Helpful
6
Replies

ASA Site to Site VPN restricted to a VLAN

Go to solution
jeff6strings
Level 1
Level 1

‎05-06-2011 07:13 PM

We have a Cisco ASA 5580-20 running version 8.2. We will have a consultant who will have laptops and a printer on our network but I will confine these to a VLAN. For this consultant I will need to setup a site to site VPN using our ASA to his company’s ASA. On our side I need this site to site VPN to be confined to the VLAN which his laptops and printer are assigned. Providing him with a broadband connection to use his own firewall device is not an option.  I would appreciate any assistance with how to configure (restrict) the site to site to the VLAN on our side.

Thank you,

Jeff

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-06-2011 11:45 PM

Jeff,

On the Interesting traffic, You only need to allow the Consultant VLAN Subnet in the Crypto traffic (the Encrypted traffic).

Regards,

Mohameed

View solution in original post

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-07-2011 10:42 AM

Jeff,

The link below should be of help of how to configure LAN to LAN IPsec example with NAT.

Let me know if you have any questions on it,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Regards,

Mohamed

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-06-2011 11:45 PM

Jeff,

On the Interesting traffic, You only need to allow the Consultant VLAN Subnet in the Crypto traffic (the Encrypted traffic).

Regards,

Mohameed

0 Helpful

Go to solution
jeff6strings
Level 1
Level 1
In response to Mohamed Sobair

‎05-07-2011 06:06 AM

Mohameed, thank you for the reply. Not sure if it makes a difference but the consultant VLAN will be a non routed VLAN.

Jeff

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to jeff6strings

‎05-07-2011 06:22 AM

Hi Jeff,

I am not sure I understood your point, can you just elaborate more on your current existing setup and what exactly you require?

Regards,

Mohamed

0 Helpful

Go to solution
jeff6strings
Level 1
Level 1
In response to Mohamed Sobair

‎05-07-2011 06:58 AM

We would like to restrict a specific site to site VPN on the ASA to a specific VLAN on our network; which consists of Cisco switches, over two dozen VLANs and dot1q and ISL trunks. I'm new to this company and trying to get a handle on the network layout so there is not much more detail I can provide at this time. I'm looking for guidance or referrence on the ASA side of configuring a site to site VPN to a specific VLAN as this is the are which I'm a little fuzzy about.

Thanks again,

Jeff

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-07-2011 10:42 AM

Jeff,

The link below should be of help of how to configure LAN to LAN IPsec example with NAT.

Let me know if you have any questions on it,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Regards,

Mohamed

0 Helpful

Go to solution
jeff6strings
Level 1
Level 1
In response to Mohamed Sobair

‎05-10-2011 04:52 AM

Thank you for the responses and if I have any questions I will post them.

Jeff

0 Helpful
Customers Also Viewed These Support Documents