cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1013
Views
0
Helpful
1
Replies

Locking down Site 2 Site IPsec vpn vpn-filter clarity?

craig.corbett
Level 2
Level 2

Can someone please provide some clarity and explanation to the vpn-filter feature?

I have a site to site vpn, local there are 2 subnets, and remote there are 4. I need to restrict the remote subnets from accessing one of the local subnets, but I need to allow both local subnets to access all 4 remote subnets. I don’t have control over the remote ACL’s. Can I do what I need to do with the vpn-filter feature configured on the local side only?

Software Version 8.2(1) - will be upgrading soon.

Comments, hints / tips, greatly appreciated.

Thanks.

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

What you need to remember is that VPN filter is applied as an access-list for all traffic from remote to your local LAN.

It is associated with particular SAs. The behavior is not fully stateful so take care of what you're doing :-)

It's all in command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190

View solution in original post

1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

What you need to remember is that VPN filter is applied as an access-list for all traffic from remote to your local LAN.

It is associated with particular SAs. The behavior is not fully stateful so take care of what you're doing :-)

It's all in command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190