[c-nsp] Restrict access in a VPN tunnel
JR Colmenares
sforcejr at yahoo.com
Fri Oct 17 23:54:24 EDT 2008
Cisco 506e
6.3.4
I am configuring a tunnel and I have this access list that allows traffic from the remote site to our whole subnet:
access-list nonat permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
access-list remote_site permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
sysopt connection permit-ipsec
Our users are going to access a database server on the remote site.
1- How can I restrict the access to particular hosts in our network?
2- Is it possible to configure the tunnel so the IP traffic goes just in one direction? It seems to me that if our users need to access their servers, they should not need to access any hosts on our side? Or if it is done this way, our users would not be able to pull any data from those servers because the traffic just goes in one direction. Please provide some insight here. I am a little paranoid with this company wanting to establish this kind of open access.
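The two questions above, worked as an added configuration example for PIX 6.3 (not part of the original post and not from the poster). It assumes remote_site is the ACL the crypto map matches on; the host addresses 10.1.1.10, 10.1.1.11 and 192.168.16.50 and the ACL name outside_in are hypothetical.

```cisco
: Added example. Constructed addresses:
:   10.1.1.10, 10.1.1.11 = the only local hosts that need the tunnel
:   192.168.16.50        = the remote database server

: Before (from the post): all of 10.0.0.0/8 is tunneled and exempt from NAT.
:   access-list nonat permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
:   access-list remote_site permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0

: Question 1: tunnel only the named host pairs.
: Add the narrow entries first, then remove the broad one, so that
: neither ACL is ever empty while the change is being made.
access-list nonat permit ip host 10.1.1.10 host 192.168.16.50
access-list nonat permit ip host 10.1.1.11 host 192.168.16.50
no access-list nonat permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0

access-list remote_site permit ip host 10.1.1.10 host 192.168.16.50
access-list remote_site permit ip host 10.1.1.11 host 192.168.16.50
no access-list remote_site permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0

: Question 2: control who may initiate connections.
: With "sysopt connection permit-ipsec" set, decrypted traffic bypasses the
: interface ACLs. Removing it makes decrypted packets subject to the ACL
: bound to the outside interface. Connections opened from the inside are
: still tracked statefully, so replies from the database server come back.
no sysopt connection permit-ipsec

: Explicit deny (rather than relying on the implicit one) so that attempts
: from the remote site show up as hit counts in "show access-list".
: outside_in is a hypothetical name; if an ACL is already bound to the
: outside interface, add the deny to that ACL instead of binding a new one.
access-list outside_in deny ip 192.168.16.0 255.255.255.0 10.0.0.0 255.0.0.0
access-group outside_in in interface outside
```

The remote peer has to mirror the narrowed remote_site entries or the tunnel will not negotiate, and removing sysopt connection permit-ipsec applies to every IPsec tunnel terminated on this PIX, not only this one.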