Question : How to Create a "One Way" VPN in Cisco ASA
Hi All,
I have created an isolated network which I allow some external parties to access.
I have set up a remote access VPN to that network so the external parties can access it freely.
I also have setup a site to site VPN to this network from our corporate network.
This is all working as expected.
Now I wish to deny all traffic through the site-to-site VPN from the "Isolated" network to the corporate network while permitting all traffic through the site-to-site VPN from corporate to the isolated network.
10.10.0.0 ------ Internet ----- 10.12.1.0
Corporate                       Isolated
I have done the following:
On the corporate ASA:
group-policy FilterToTull internal
group-policy FilterToTull attributes
 vpn-filter value blockVSExtlabtoTull
access-list blockVSExtlabtoTull extended deny ip 10.12.1.0 255.255.255.0 any
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx general-attributes
 default-group-policy FilterToTull
But this seems to result in a bidirectional restriction. I require only a one-way block.
Any ideas?
Many thanks,
Shane
Answer : How to Create a "One Way" VPN in Cisco ASA
It does sound a bit messy. I still think the traffic should be blocked at ingress i.e. on the isolated firewall.
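
The following is an added example, not part of the original question or answer. It models why the posted vpn-filter blocks both directions (the ASA matches the remote peer in the ACE source position whichever way the packet travels) and how a stateful ACL at the isolated firewall's ingress gives a one-way block. The /16 corporate mask, the INGRESS_ACL rule set and the host addresses are assumptions, and flows are simplified to address pairs without ports.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ISOLATED = ip_network("10.12.1.0/24")
CORPORATE = ip_network("10.10.0.0/16")  # assumed mask; the post gives only 10.10.0.0

# ACE = (action, source net, destination net); first match wins, implicit deny last.
PAGE_ACL = [("deny", ISOLATED, ANY)]              # blockVSExtlabtoTull as posted
WITH_PERMIT = PAGE_ACL + [("permit", ANY, ANY)]   # constructed variant of it
INGRESS_ACL = [("deny", ISOLATED, CORPORATE),     # hypothetical ACL for the
               ("permit", ANY, ANY)]              # isolated firewall's inside


def acl_permits(acl, src, dst):
    for action, s_net, d_net in acl:
        if ip_address(src) in s_net and ip_address(dst) in d_net:
            return action == "permit"
    return False  # implicit deny


def vpn_filter_permits(acl, src, dst, decrypted):
    """vpn-filter on the corporate ASA. Decrypted traffic leaving the tunnel
    is matched as written; traffic about to be encrypted is matched with
    source and destination swapped, so one ACE covers both directions."""
    if decrypted:
        return acl_permits(acl, src, dst)
    return acl_permits(acl, dst, src)


class IsolatedIngress:
    """Stateful interface ACL on the isolated side: only the packet that
    opens a flow is checked; replies match the connection table."""

    def __init__(self, acl):
        self.acl = acl
        self.conns = set()

    def from_corporate(self, src, dst):
        # Assumes tunnel traffic is admitted; remember the flow for replies.
        self.conns.add((src, dst))
        return True

    def from_isolated(self, src, dst):
        if (dst, src) in self.conns:
            return True  # reply to a corporate-initiated flow
        return acl_permits(self.acl, src, dst)
```
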