
How to configure IPsec L2L to allow only one way traffic

Hi,

We have a business need that we have to set up an IPsec L2L tunnel (from multiple locations) to a business partner, and we require that the connection can only be initiated from our side, not the business partner's side. I searched the web; one option is to configure our side ASA to initiate IKE only, but this does not seem to meet our requirement, because once the IPsec SA is up, IP layer traffic will flow freely in either direction. The other option people suggested is to use a VPN filter in the tunnel group policy, but the documentation of how to use this vpn-filter to enforce a one-way traffic policy is not crystal clear to me. I actually configured a reflexive ACL on the core L3 switch before the traffic hits the ASA to reflect/evaluate specific traffic to the business partner's LAN network, and that worked well. However, one of our branch office's core L3 switches is a Cat4K which does not support reflexive ACL with the image it is currently running, so I am stuck again ... please help


Re: How to configure IPsec L2L to allow only one way traffic

Dear jiangu!

Please take a look at following url - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Surprisingly, this document will show you the ASA's VPN filter feature very clearly. And VPN filter is the most suitable feature for your need, IMHO.

Best regards
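The following is an added example of an ASA vpn-filter configuration for the scenario in the question; it is not from the linked Cisco document or from either poster. All names and addresses are assumptions: 10.1.0.0/16 stands for the local LAN, 192.168.100.0/24 for the partner LAN, 203.0.113.10 for the partner's peer address, and the partner service is assumed to be HTTPS on TCP 443. The key point, which trips up most first-time users, is that a vpn-filter ACL is always written with the remote (partner) network as the source and the local network as the destination, whichever side opens the connection; the ASA's stateful inspection then handles the return packets.

```cisco
! vpn-filter ACL: source = partner side, destination = our side.
! This single line permits our hosts (10.1.0.0/16) to initiate TCP
! sessions to partner hosts on port 443; reply traffic is allowed
! by the stateful connection table, not by a second ACL line.
access-list PARTNER-VPN-FILTER extended permit tcp 192.168.100.0 255.255.255.0 eq 443 10.1.0.0 255.255.0.0
! Explicit deny with logging so partner-originated attempts are visible
! in syslog (the implicit deny would drop them silently).
access-list PARTNER-VPN-FILTER extended deny ip any any log

! Group policy carrying the filter; applied to decrypted traffic
! leaving the tunnel and to cleartext traffic before encryption.
group-policy PARTNER-GP internal
group-policy PARTNER-GP attributes
 vpn-filter value PARTNER-VPN-FILTER

! Bind the group policy to the L2L tunnel group (assumed peer address).
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER-GP
```

Two caveats worth checking before relying on this as a "one-way" control. First, because the ACL matches on the partner-side port, a partner host that happens to source a TCP connection from port 443 toward any port on 10.1.0.0/16 would also match the permit line; narrowing the destination to the specific local hosts and, where possible, the source to the specific partner servers limits that exposure. Second, with the default `sysopt connection permit-vpn` the outside-interface ACL is bypassed for VPN traffic, so the vpn-filter is the only policy applied to the decrypted packets; verify with `show vpn-sessiondb detail l2l` that the filter name appears on the session, and with `show access-list PARTNER-VPN-FILTER` that hit counts land on the lines you expect.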