ASA Site to Site VPN restricted to a VLAN

jeff6strings
Level 1

We have a Cisco ASA 5580-20 running version 8.2. We will have a consultant who will have laptops and a printer on our network, but I will confine these to a VLAN. For this consultant I will need to set up a site to site VPN using our ASA to his company’s ASA. On our side I need this site to site VPN to be confined to the VLAN to which his laptops and printer are assigned. Providing him with a broadband connection to use his own firewall device is not an option. I would appreciate any assistance with how to configure (restrict) the site to site to the VLAN on our side.

Thank you,

Jeff

6 Replies

Mohamed Sobair
Level 7

Jeff,

On the interesting traffic, you only need to allow the consultant VLAN subnet in the crypto traffic (the encrypted traffic).

Regards,

Mohamed
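
The restriction described in the reply above, sketched as an ASA 8.2 configuration. This is an added example, not part of the original thread or the linked Cisco document; the interface, VLAN ID, subnets, peer address, object names and key are all constructed placeholders, and it assumes the consultant VLAN terminates on an ASA subinterface and that the consultant hosts should reach nothing except the remote site.

```cisco
! Added example. Every name, address and key here is a constructed placeholder.
! Assumption: consultant VLAN 60 terminates on its own ASA subinterface.
interface GigabitEthernet0/1.60
 vlan 60
 nameif consultant
 security-level 50
 ip address 10.60.0.1 255.255.255.0
!
! Crypto ACL (interesting traffic): the consultant subnet is the ONLY source.
! Too broad, do not use: a source of "any" or an internal supernet such as
! 10.0.0.0 255.0.0.0 would pull other VLANs into the tunnel.
access-list CONSULTANT-CRYPTO extended permit ip 10.60.0.0 255.255.255.0 192.168.200.0 255.255.255.0
!
! NAT exemption for tunnel traffic (pre-8.3 NAT syntax, as used on 8.2).
access-list CONSULTANT-NONAT extended permit ip 10.60.0.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (consultant) 0 access-list CONSULTANT-NONAT
!
! Interface ACL: consultant hosts may reach the remote site and nothing else.
access-list CONSULTANT-IN extended permit ip 10.60.0.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list CONSULTANT-IN extended deny ip any any log
access-group CONSULTANT-IN in interface consultant
!
! Phase 1 (IKEv1) policy, agreed with the remote administrator.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! Phase 2 and the crypto map entry that binds the peer to the crypto ACL.
! If a crypto map is already applied to "outside", reuse its name and add
! this as a new sequence number instead of creating a second map.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 20 match address CONSULTANT-CRYPTO
crypto map OUTSIDE-MAP 20 set peer 203.0.113.10
crypto map OUTSIDE-MAP 20 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PLACEHOLDER-PRE-SHARED-KEY>
```

The remote ASA needs the mirror image of `CONSULTANT-CRYPTO` (source and destination swapped); `show crypto ipsec sa peer 203.0.113.10` should then list only the consultant subnet as the local ident.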

Mohamed, thank you for the reply. Not sure if it makes a difference, but the consultant VLAN will be a non-routed VLAN.

Jeff

Hi Jeff,

I am not sure I understood your point, can you just elaborate more on your current existing setup and what exactly you require?

Regards,

Mohamed

We would like to restrict a specific site to site VPN on the ASA to a specific VLAN on our network, which consists of Cisco switches, over two dozen VLANs and dot1q and ISL trunks. I'm new to this company and trying to get a handle on the network layout, so there is not much more detail I can provide at this time. I'm looking for guidance or reference on the ASA side of configuring a site to site VPN to a specific VLAN, as this is the area which I'm a little fuzzy about.

Thanks again,

Jeff

Mohamed Sobair
Level 7

Jeff,

The link below should be of help on how to configure LAN-to-LAN IPsec; it is an example with NAT.

Let me know if you have any questions on it.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Regards,

Mohamed

Thank you for the responses and if I have any questions I will post them.

Jeff