Solved: site-to-site inbound access list for the remote site - Cisco Community

833

Views

0

Helpful

2

Replies

Hi,

I was wondering is it possible to add an access list for incoming traffic from a remote site over a site-to-site VPN.

In short I need to setup and site-to-site with a company so i can access a web server they are hosting. However i don't want the other company having access to our network, the VPN is purely for us to access the web server.

I understand I can change the crypto map, so only HTTPS traffic is allowed over the site to site from my end, can i do the same for inbound traffic, kind of like a reflexive access list?

1 Accepted Solution

Accepted Solutions

Hi,

You need to configure a VPN filter on the ASA, here are some examples:

https://www.fir3net.com/Firewalls/Cisco/review-cisco-asa-how-do-vpn-filters-work.html

https://popravak.wordpress.com/2011/11/05/cisco-asa-vpn-filter-as-i-see-it/

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

HTH

View solution in original post

2 Replies 2

Hi,

You need to configure a VPN filter on the ASA, here are some examples:

https://www.fir3net.com/Firewalls/Cisco/review-cisco-asa-how-do-vpn-filters-work.html

https://popravak.wordpress.com/2011/11/05/cisco-asa-vpn-filter-as-i-see-it/

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

HTH

Could you not apply a VPN filter from here?

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community