Restrict site-to-site traffic

Post by Guest » Thu Jan 06, 2011 1:00 pm

Hi everyone,

I have a quick question I hope: what's the best way to restrict certain protocols to pass through a site-to-site tunnel? Should I edit the ACL which is assigned to the crypto map or should I create a new ACL and assign it to the interface?

Thanks in advance,

Ronald



Re:Restrict site-to-site traffic

Post by Guest » Thu Jan 06, 2011 2:05 pm

Hi,

Is this on a router or a firewall?

If you are using a firewall you can use the vpn-filter command

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml



Re:Restrict site-to-site traffic

Post by Guest » Thu Jan 06, 2011 2:49 pm

Hi Sean,

It is a 1803 ISR.

Regards,

Ronald



Re:Restrict site-to-site traffic

Post by Guest » Thu Jan 06, 2011 4:09 pm

Hi,

Editing the ACL attached to the crypto map will do the trick.

Regards.

Alain.



Re:Restrict site-to-site traffic

Post by Guest » Thu Jan 06, 2011 5:28 pm

Hi Alain,

Thanks for the info. I'm gonna try that one.

Regards,

Ronald

