[c-nsp] Restrict access in a VPN tunnel

JR Colmenares sforcejr at yahoo.com
Fri Oct 17 23:54:24 EDT 2008


Cisco 506e
6.3.4

I am configuring a tunnel and I have this access list that allows traffic from the remote site to our whole subnet.

access-list nonat permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
access-list remote_site permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
sysopt connection permit-ipsec

Our users are going to access a database server on the remote site.

1- How can I restrict the access to particular hosts in our network?
2- Is it possible to configure the tunnel so the IP traffic goes just in one direction? It seems to me that if our users need to access their servers, they should not need to access any hosts on our side? Or if it is done this way, our users would not be able to pull any data from those servers because the traffic just goes in one direction. Please provide some insight here. I am a little paranoid with this company wanting to establish this kind of open access.
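
An added example, not part of the original post: a small Python audit of the three posted lines that reports how many addresses each `permit ip` entry covers on the first (assumed local) network and flags `sysopt connection permit-ipsec`. The threshold, the function names and the `NARROW` comparison entry are assumptions made for illustration; the post does not show which list the crypto map references, so both are reported.

```python
import ipaddress

# The three configuration lines quoted in the post.
POSTED = """\
access-list nonat permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
access-list remote_site permit ip 10.0.0.0 255.0.0.0 192.168.16.0 255.255.255.0
sysopt connection permit-ipsec
"""
# Constructed comparison input: one hypothetical local host, no sysopt line.
NARROW = "access-list remote_site permit ip 10.1.2.3 255.255.255.255 192.168.16.0 255.255.255.0\n"

MAX_LOCAL_ADDRS = 16  # assumed review threshold, not a Cisco default


def parse_permit_ip(line):
    """Parse 'access-list NAME permit ip NET MASK NET MASK'; None for other lines."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        return None
    try:
        local = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")   # first network: assumed local side
        remote = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")  # second network: assumed remote side
    except ValueError:  # host bits set, bad mask, or 'host'/'any' keywords
        return None
    return tok[1], local, remote


def audit(config, limit=MAX_LOCAL_ADDRS):
    """Return findings (dicts) for broad permit entries and the access-list bypass."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:
        parsed = parse_permit_ip(ln)
        if parsed and parsed[1].num_addresses > limit:
            name, local, remote = parsed
            findings.append({"acl": name, "local": str(local), "remote": str(remote),
                             "local_addresses": local.num_addresses})
    if "sysopt connection permit-ipsec" in lines:
        # On PIX 6.x this lets decrypted tunnel traffic skip interface access lists.
        findings.append({"acl": None, "issue": "sysopt connection permit-ipsec"})
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```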



