Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1012
Views
0
Helpful
1
Replies

Locking down Site 2 Site IPsec vpn vpn-filter clarity?

Go to solution
craig.corbett
Level 2
Level 2

‎11-03-2012 05:04 AM - edited ‎02-21-2020 06:27 PM

Can someone please provide some clarity and explanation to the vpn-filter feature?

I have a site to site vpn, local there are 2 subnets, and remote there are 4. I need to restrict the remote subnets from accessing one of the local subnets, but I need to allow both local subnets to access all 4 remote subnets. I don’t have control over the remote ACL’s. Can I do what I need to do with the vpn-filter feature configured on the local side only?

Software Version 8.2(1) - will be upgrading soon.

Comments, hints / tips, greatly appreciated.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-03-2012 09:39 AM

What you need to remember is that VPN filter is applied as an access-list for all traffic from remote to your local LAN.

It is associated with particular SAs. The behavior is not fully stateful so take care of what you're doing :-)

It's all in command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-03-2012 09:39 AM

What you need to remember is that VPN filter is applied as an access-list for all traffic from remote to your local LAN.

It is associated with particular SAs. The behavior is not fully stateful so take care of what you're doing :-)

It's all in command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190

0 Helpful
Customers Also Viewed These Support Documents