Re: Design Question on ASA ...:
02-07-2010 11:47 PM
Hi,
This is a new requirement for a permanent site-to-site IPSec VPN between two different customers (customer A and customer B). I need to come up with the configuration which will create a permanent site-to-site VPN between customer A and B with the following restrictions:
1) Only allow OUTBOUND connections from Customer A to Customer B, not INBOUND connections from Customer B.
2) Only allow traffic from Customer A network to Customer B and prevent the VPN connection in Customer B from accessing any of Customer A's other site servers, IP subnet 192.168.10.0/23.
I would need help in writing this config as I am pretty new to this kind of setup, or any URL that talks about the above.
Appreciate any help provided.
Many thanks.
- Labels: VPN
02-12-2010 04:04 PM
As for the VPN configuration, the two sites will have mirrored configurations. The ACLs defined for VPN interesting traffic would be reversed, as would those for the NAT exemption.
Here's a link for VPN configuration:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html
To restrict traffic from Site B, you can simply use ACLs that you apply to an interface Access group.
Tanveer Dewan
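
The approach described in the reply above, sketched for the Customer A firewall as an added example (not part of the original posts) in ASA 8.0-era syntax. Only 192.168.10.0/23 comes from the thread; the other subnets, the peer address, the object names and the IKE/IPsec parameters are constructed placeholders.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Customer A LAN allowed over the VPN : 10.10.10.0/24
!   Customer B LAN                      : 172.16.20.0/24
!   Customer B peer address             : 203.0.113.2
! From the thread: Customer A's other site servers, 192.168.10.0/23

! Interesting traffic: only the permitted A subnet to B. 192.168.10.0/23 is
! deliberately absent, so it is never part of the tunnel's proxy identities.
access-list VPN-A-TO-B extended permit ip 10.10.10.0 255.255.255.0 172.16.20.0 255.255.255.0

! NAT exemption for the same flow (pre-8.3 syntax, matching the linked 8.0 guide).
access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 172.16.20.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2

crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-A-TO-B
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-SHARED-SECRET>

! By default, decrypted VPN traffic bypasses interface ACLs. Turn that off so
! the outside access-group is applied to traffic arriving from Customer B.
no sysopt connection permit-vpn

! Outside ACL: connections initiated from B are denied. The implicit deny
! would also drop them; explicit entries give hit counts for monitoring.
! Replies to TCP/UDP sessions opened from A match the connection table and
! do not need a permit here.
access-list OUTSIDE-IN extended deny ip 172.16.20.0 255.255.255.0 192.168.10.0 255.255.254.0
access-list OUTSIDE-IN extended deny ip 172.16.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-group OUTSIDE-IN in interface outside
```

`no sysopt connection permit-vpn` is a global setting, so any other site-to-site or remote-access VPN terminating on the same ASA then needs explicit permits in the outside ACL. If an ACL is already bound to the outside interface, add the deny entries to it instead of applying a second access-group.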
