12-03-2012 02:59 AM
Hello,
I would like to do a site-to-site VPN using an ASA 5520 and I have a few questions, if you don't mind:
Site A:
Peer IP address: aaa.aaa.aaa.aaa/32
Local Network: bbb.bbb.bbb.bbb/32
Site B:
Peer IP Address: xxx.xxx.xxx.xxx/32
Local network: yyy.yyy.yyy.yyy/32
On the site-to-site VPN wizard (site B), the peer network should be site A, the local network should be site B and the remote network should be site A, right?
The local network IP address should not be used by other devices, right? Can I use a single IP address instead of a network range for the local and remote network, since the customer on site A provided me a single IP address?
Can I allow site A to browse only a single IP address on my site B, allowing only ports 80 and 443? Please can you provide me an example; I prefer ASDM.
Thanks and waiting for your help.
12-04-2012 01:29 AM
Hi,
I can only really give an example of this using the CLI (or I'd rather do that, as I don't use ASDM almost at all).
Do you have any already existing L2L / Site to Site VPN connections on the ASA?
Could you share your current configuration (remove any sensitive information) so we can take into consideration any existing configurations you have?
Have you agreed on what the L2L VPN Phase 1 and Phase 2 parameters will be with the other site's technical contact who is going to configure their side of the L2L VPN?
- Jouni
12-04-2012 08:00 AM
Hi,
Yes, you may configure only one host to communicate across the VPN tunnel, and you may define which ports to allow, specifying which are going to be the source and destination ports within their proper hosts.
access-list site-A permit tcp host
access-list site-A permit tcp host
access-list site-B permit tcp host
access-list site-B permit tcp host
So we are saying that host-B is going to access host-A on port 80 and 443.
Or, as well, you may configure a VPN filter:
Hope this information comes in handy.
Cheers,
Jessica Murillo
Cisco TAC VPN engineer
*** Please rate the post if it was helpful
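Putting the host-to-host crypto ACL and the vpn-filter from this answer together, here is an added example of the Site B ASA configuration; it is not from the original thread or from Cisco. It assumes ASA 8.4+ syntax, interfaces named "inside" and "outside", and follows the original question's direction (the Site A host browses the Site B host on TCP 80 and 443 only); the object, ACL and map names, the Phase 1/Phase 2 parameters and the pre-shared key are placeholders to agree with the Site A contact.

```cisco
! Added example (not the thread's own config). Placeholders from the question:
! Site A peer aaa.aaa.aaa.aaa, Site A host bbb.bbb.bbb.bbb, Site B host yyy.yyy.yyy.yyy
! Single hosts on each side, as the question describes
object network SITEB-HOST
 host yyy.yyy.yyy.yyy
object network SITEA-HOST
 host bbb.bbb.bbb.bbb
! NAT exemption so host-to-host traffic enters the tunnel untranslated
nat (inside,outside) source static SITEB-HOST SITEB-HOST destination static SITEA-HOST SITEA-HOST no-proxy-arp route-lookup
!
! Crypto ACL: IP-level, host to host, mirrored exactly on the Site A side.
! The port restriction is enforced by the vpn-filter below, not here.
access-list L2L-SITEA extended permit ip host yyy.yyy.yyy.yyy host bbb.bbb.bbb.bbb
!
! vpn-filter ACL, written from the remote peer's point of view:
! source = remote Site A host, destination = local Site B host.
! Only TCP 80/443 initiated by the Site A host passes; return traffic is
! matched statefully and anything else through the tunnel is dropped.
access-list VPNFILTER-SITEA extended permit tcp host bbb.bbb.bbb.bbb host yyy.yyy.yyy.yyy eq 80
access-list VPNFILTER-SITEA extended permit tcp host bbb.bbb.bbb.bbb host yyy.yyy.yyy.yyy eq 443
!
! IKEv1 Phase 1 (assumed values)
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
! IPsec Phase 2 (assumed values) and the crypto map bound to the outside interface
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-SITEA
crypto map OUTSIDE-MAP 10 set peer aaa.aaa.aaa.aaa
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
! Group policy carrying the filter, attached to the peer's tunnel group
group-policy GP-SITEA internal
group-policy GP-SITEA attributes
 vpn-filter value VPNFILTER-SITEA
tunnel-group aaa.aaa.aaa.aaa type ipsec-l2l
tunnel-group aaa.aaa.aaa.aaa general-attributes
 default-group-policy GP-SITEA
tunnel-group aaa.aaa.aaa.aaa ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
```

Because sysopt connection permit-vpn is on by default, decrypted tunnel traffic bypasses the outside interface ACL, so the vpn-filter is what actually limits the peer to those two ports. After the tunnel comes up, show vpn-sessiondb l2l shows the session and the filter applied to it.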