829 Views, 0 Helpful, 2 Replies

ASA VPN Site to Site

rabih_saleh
Level 1

Hello,

I would like to do a site-to-site VPN using an ASA 5520 and I have a few questions, if you don't mind:

Site A:

Peer IP address: aaa.aaa.aaa.aaa/32

Local Network: bbb.bbb.bbb.bbb/32

Site B:

Peer IP Address: xxx.xxx.xxx.xxx/32

Local network: yyy.yyy.yyy.yyy/32

On the site-to-site VPN wizard (site B), the peer should be site A, the local network should be site B and the remote network should be site A, right?

The local network IP address should not be used by another device, right? Can I use a single IP address instead of a network range for the local and remote network, since the customer on site A provided me a single IP address?

Can I allow site A to browse only a single IP address on my site B, allowing only ports 80 and 443? Please can you provide an example; I prefer ASDM.

Thanks and waiting for your help.

2 Accepted Solutions


Jouni Forss
VIP Alumni

Hi,

I can only really give an example of this using the CLI (or I would rather do that, as I don't use ASDM almost at all).

Do you have any already existing L2L / Site to Site VPN connections on the ASA?

Could you share your current configuration (remove any sensitive information) so we can take into consideration any existing configurations you have?

Have you agreed on what the L2L VPN Phase 1 and Phase 2 parameters will be with the other site's technical contact who is going to configure their side of the L2L VPN?

- Jouni


jesmuril
Level 1

Hi,

Yes, you may configure only one host to communicate across the VPN tunnel, and you may define which ports to allow, specifying which are going to be the source and destination ports within their proper hosts.

(The host addresses were lost from the post; HOST_A and HOST_B below are placeholders for the site A and site B host IP addresses.)

access-list site-A permit tcp host HOST_A eq 80 host HOST_B
access-list site-A permit tcp host HOST_A eq 443 host HOST_B
access-list site-B permit tcp host HOST_B host HOST_A eq 80
access-list site-B permit tcp host HOST_B host HOST_A eq 443

So we are saying that host-B is going to access host-A on port 80 and 443.

Or you may also configure a VPN filter:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Hope this information becomes handy.

Cheers,

Jessica Murillo

Cisco TAC VPN engineer

*** Please rate the post if it was helpful

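As an added example (not from the original thread or from Cisco's documentation), here is a site B configuration that combines both approaches above: a host-to-host crypto ACL for the tunnel plus a vpn-filter that limits it to TCP 80 and 443 on host-A. All addresses, object names and the pre-shared key are assumed placeholders, and the syntax is ASA 8.2 (pre-8.3 NAT).

```cisco
! Site B ASA 5520 (ASA 8.2 syntax). Constructed example addresses (RFC 5737 / RFC 1918):
!   site A peer = 203.0.113.1   host-A = 192.0.2.10
!   site B peer = 198.51.100.1  host-B = 10.10.10.10
! Phase 1 (IKEv1) policy; must match what site A's contact configures
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
! Phase 2 transform set
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Crypto ACL: interesting traffic is only host-B <-> host-A (site A mirrors this)
access-list SITE_A_CRYPTO extended permit ip host 10.10.10.10 host 192.0.2.10
! NAT exemption so host-B keeps its real address inside the tunnel
access-list NONAT extended permit ip host 10.10.10.10 host 192.0.2.10
nat (inside) 0 access-list NONAT
! vpn-filter: written remote -> local; the ASA applies it to both directions
! by swapping source and destination for outbound traffic. Only TCP 80/443 on
! host-A, reached by host-B, is allowed; everything else in the tunnel is dropped.
access-list SITE_A_VPNFILTER extended permit tcp host 192.0.2.10 eq 80 host 10.10.10.10
access-list SITE_A_VPNFILTER extended permit tcp host 192.0.2.10 eq 443 host 10.10.10.10
group-policy SITE_A_GP internal
group-policy SITE_A_GP attributes
 vpn-tunnel-protocol IPSec
 vpn-filter value SITE_A_VPNFILTER
! Tunnel group keyed on the site A peer address
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 general-attributes
 default-group-policy SITE_A_GP
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key PLACEHOLDER_SHARED_SECRET
! Crypto map bound to the outside interface
crypto map OUTSIDE_MAP 10 match address SITE_A_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
! sysopt connection permit-vpn (on by default) bypasses the outside interface
! ACL for decrypted traffic, so the vpn-filter is what enforces the port limit.
```

Check the tunnel with show crypto isakmp sa and show crypto ipsec sa, and the applied filter with show vpn-sessiondb detail l2l. Note that because the vpn-filter is evaluated in both directions, it also permits host-A to open connections to host-B from source port 80 or 443, which is an inherent limitation of port-based vpn-filters.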
