cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
421
Views
0
Helpful
1
Replies
sanjaynadarajah
Beginner

Re: Design Question on ASA ...:

Hi,

          This is a new requirement for a permanent site-to-site IPSec VPN between two different customers (customer A and customer B). I need to come up with the configuration whcih will create a permanent site-to-site VPN between customer A and B with the following restrictions :

1) Only allow OUTBOUND connections from Customer A to Customer B, not INBOUND connections from Customer B.

2) Only allow traffic from Customer A network  to Customer B and prevent the VPN connection in Customer B from accessing any of Customer A's other site servers ip subnet 192.168.10.0/23

          I would need help in writing this config as I am pretty new to this kind of setup OR any URL that talks abt. the above.

Appreciate any help provided.

Many thanks.

1 REPLY 1
Tanveer Deewan
Cisco Employee

As for the VPN configuration, the two sites will have mirrored configuration. The ACLs defined for VPN interesting traffic would be reversed and that for the NAT exempt.

Here's a link for VPN configuration:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html

To restrict traffic from Site B, you can simply use ACLs that you apply to an interface Access group.

Tanveer Dewan

tdeewan@cisco.com

Content for Community-Ad