Microsoft
Software
Hardware
Network
Question : How to Create a "One Way" VPN in Cisco ASA
Hi All,
I have created an isolated network which I allow access some external parties access.
I have setup a remote access VPN to that network so the external parties can access it freely.
I also have setup a site to site VPN to this network from our corporate network.
This is all working as expected.
Now I wish to deny all traffic through the site-site VPN from from the "Isolated" network to the corporate network while permitting all traffic thorugh the site-site VPN from corporate to the isolated network.
10.10.0.0 ------ Internet ----- 10.12.1.0
Corporate Isolated
I have done the following:
On the corporate ASA:
group-policy FilterToTull internal
group-policy FilterToTull attributes
vpn-filter value blockVSExtlabtoTull
access-list blockVSExtlabtoTull extended deny ip 10.12.1.0 255.255.255.0 any
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx general-attributes
default-group-policy FilterToTull
But this seems to result in a Bi-Directional restriction. I require only a one way block.
Any ideas?
Many thanks,
Shane
Answer : How to Create a "One Way" VPN in Cisco ASA
It does sound a bit messy. I still think the traffic should be blocked at ingress i.e. on the isolated firewall.
Random Solutions
DHCP spliting the scope.
How to add a DNS entry through command line in Windows....
How do I make DNS resolve to one NIC Only?
ZENWorks 7.0 Middle Tier Servers - How Many and Where
Setup Multible Websites in Seperate Servers Behind Single IP NAT
Weblogic 8.1 License
Why my roommate gets higher bandwidth than me when we're sharing the same internet access?
public proxy server
Remote Desktop into W2k Wkstn
Access windows XP from windowns 2000 Hidden shares C$ D$ admin$