Question : How to Create a "One Way" VPN in Cisco ASA
Hi All,
I have created an isolated network which I allow access some external parties access.
I have setup a remote access VPN to that network so the external parties can access it freely.
I also have setup a site to site VPN to this network from our corporate network.
This is all working as expected.
Now I wish to deny all traffic through the site-site VPN from the "Isolated" network to the corporate network while permitting all traffic through the site-site VPN from corporate to the isolated network.
10.10.0.0 ------ Internet ----- 10.12.1.0
Corporate                       Isolated
I have done the following:
On the corporate ASA:
group-policy FilterToTull internal
group-policy FilterToTull attributes
vpn-filter value blockVSExtlabtoTull
access-list blockVSExtlabtoTull extended deny ip 10.12.1.0 255.255.255.0 any
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx general-attributes
default-group-policy FilterToTull
But this seems to result in a Bi-Directional restriction. I require only a one way block.
Any ideas?
Many thanks,
Shane
Answer : How to Create a "One Way" VPN in Cisco ASA
It does sound a bit messy. I still think the traffic should be blocked at ingress i.e. on the isolated firewall.
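One way to implement the ingress block the answer suggests, as an added example that is not the poster's or the answerer's configuration. It assumes the isolated site is also an ASA, that its LAN-facing interface is named "inside", and that the corporate network is 10.10.0.0/16 (the mask is not given in the question):

```cisco
! Applied on the ISOLATED site's ASA, not the corporate one.
! Interface ACLs are checked only for the first packet of a new connection;
! the ASA is stateful, so replies to corporate-initiated sessions still pass.
! Assumed names/masks: interface "inside", corporate network 10.10.0.0/16.
access-list INSIDE_IN extended deny ip 10.12.1.0 255.255.255.0 10.10.0.0 255.255.0.0
! Every ACL ends with an implicit deny, so the isolated network keeps its
! other access (Internet, remote-access VPN users) only with an explicit permit.
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
```

A vpn-filter ACL is checked against both directions of the tunnel, which is why the corporate-side filter in the question blocked traffic both ways; with the ingress ACL above, that vpn-filter is not needed.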