Question : How to Create a "One Way" VPN in Cisco ASA
Hi All,
I have created an isolated network which I allow some external parties to access.
I have set up a remote access VPN to that network so the external parties can access it freely.
I also have set up a site-to-site VPN to this network from our corporate network.
This is all working as expected.
Now I wish to deny all traffic through the site-to-site VPN from the "Isolated" network to the corporate network while permitting all traffic through the site-to-site VPN from corporate to the isolated network.
10.10.0.0 ------ Internet ----- 10.12.1.0
Corporate                       Isolated
I have done the following:
On the corporate ASA:
group-policy FilterToTull internal
group-policy FilterToTull attributes
vpn-filter value blockVSExtlabtoTull
access-list blockVSExtlabtoTull extended deny ip 10.12.1.0 255.255.255.0 any
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx general-attributes
default-group-policy FilterToTull
But this seems to result in a Bi-Directional restriction. I require only a one way block.
Any ideas?
Many thanks,
Shane
Answer : How to Create a "One Way" VPN in Cisco ASA
It does sound a bit messy. I still think the traffic should be blocked at ingress, i.e. on the isolated firewall.
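Why the filter in the question blocks both directions, as an added example that is not part of the original thread: a simplified Python model of vpn-filter matching, assuming Cisco's documented behaviour that the filter ACL is checked as written for decrypted inbound traffic and with source and destination swapped for outbound traffic. The host addresses and the `WITH_PERMIT` variant are constructed for illustration.

```python
# Simplified model of ASA vpn-filter matching (added example, not ASA code).
# Assumption, per Cisco's documented behaviour: the ACL is written with the
# remote network as source, is checked as written for decrypted inbound
# traffic, and with src/dst swapped for outbound traffic entering the tunnel.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ISOLATED = ip_network("10.12.1.0/24")  # remote side, from the question

# ACL from the question, as configured on the corporate ASA: (action, src, dst)
QUESTION_ACL = [("deny", ISOLATED, ANY)]
# Constructed variant: the same ACL followed by "permit ip any any"
WITH_PERMIT = QUESTION_ACL + [("permit", ANY, ANY)]


def vpn_filter(acl, src, dst, direction):
    """Return 'permit' or 'deny' for one flow seen by the corporate ASA.

    direction is 'inbound' (arriving from the tunnel, after decryption)
    or 'outbound' (heading into the tunnel, before encryption).
    """
    src, dst = ip_address(src), ip_address(dst)
    if direction == "outbound":
        src, dst = dst, src  # filter ACEs are matched with positions swapped
    for action, ace_src, ace_dst in acl:
        if src in ace_src and dst in ace_dst:
            return action
    return "deny"  # implicit deny that ends every ACL


def verdicts(acl):
    """Evaluate both directions between two constructed hosts."""
    corp, iso = "10.10.0.5", "10.12.1.20"
    return {
        "isolated->corporate": vpn_filter(acl, iso, corp, "inbound"),
        "corporate->isolated": vpn_filter(acl, corp, iso, "outbound"),
    }


if __name__ == "__main__":
    for name, acl in (("question ACL", QUESTION_ACL),
                      ("with permit ip any any", WITH_PERMIT)):
        print(name, verdicts(acl))
```

In this model a plain `ip` entry carries no direction, so the deny matches corporate-initiated flows as well, and adding a permit after it does not help; that is consistent with filtering on the isolated firewall instead.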