08-27-2012 12:27 PM
I have to setup access for a support vendor that needs access to just a few IP addresses in my datacenter but all of my branch locations. In the LAN to LAN setup can I enter more than one IP and subnets?
Thanks!
Chad
Solved! Go to Solution.
08-27-2012 01:44 PM
HI Chad,
"In the LAN to LAN setup can I enter more than one IP and subnets?"
Sure you can, if you are planing to setup land to land IPSec tunne, it is your no-nat and crypto acl can be used to control what are allowed and what not over the tunnel itself.
However if you planing to use a remote-access tunnel instead, it is your "vpn-filter value" and associate it with an ACL and in the example below group name is set as "filter"
group-policy filter internal group-policy filter attributes vpn-filter value 103
Reference:
Thanks
Rizwan Rafeek
08-27-2012 01:44 PM
HI Chad,
"In the LAN to LAN setup can I enter more than one IP and subnets?"
Sure you can, if you are planing to setup land to land IPSec tunne, it is your no-nat and crypto acl can be used to control what are allowed and what not over the tunnel itself.
However if you planing to use a remote-access tunnel instead, it is your "vpn-filter value" and associate it with an ACL and in the example below group name is set as "filter"
group-policy filter internal group-policy filter attributes vpn-filter value 103
Reference:
Thanks
Rizwan Rafeek
08-27-2012 01:48 PM
Thanks Rizwan!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide