The documentation I'm reading doesn't seem to clear to me if this is possible help/clarification much appreciated. But since these filter ACLs are bidirectional, line 1 is also permitting the remote host to access my host's SSH Server. ![]() However, I do not want the remote host to be able to access my local host's TCP port 22 (SSH) because there's no requirement to do so - there's only a requirement for my host to access the remote host's SFTP server, not vice-versa. I have the following filter ACL setup, applied, and working on my tunnel-group: access-list ACME_FILTER extended permit tcp host 10.0.0.254 host 192.168.0.20 eq 22Īccess-list ACME_FILTER extended permit icmp host 10.0.0.254 host 192.168.0.20Īccording to the docs, VPN filters are bi-directional, you always specify the remote host first (10.0.0.254), followed by the local host and (optionally) port number, as per the documentation. Would i add a static or dynamic rule on ADSM I am thinking of trying this Dynamic interface inside ip address 192.168.0.2 e0/0 in the asa 5505 mask 255.255.255. I have created a global route 0.0.0.0 192.168.0.1, this points to the e0/0 port on the netvanta. ![]() ![]() I'm trying to find a way to setup a bi-directional L2L IPSec tunnel, but with differing group-policy filter ACLs for both sides. How do I setup natting on the asa to replace the netvanta IOS fw.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |