Site-to-Site vpn to a single host on 5505?

wellerw

MIS
Mar 14, 2003
175
GB
Hi,

Does anyone know if it would be possible to set up a site-to-site on an ASA5505 so that the remote network could only access a single host on the LAN?

Could it be as simple as entering the host address/mask into the 'protected network' section when configuring the VPN?

If not, could I create the VPN as normal, then use access lists to restrict the access from the remote network?


Many thanks,
W
 
The interesting traffic in the crypto ACL should include only the one host (the same will go for your ACL for bypassing NAT). One thing you have to know is that once someone accesses the destination computer, they may be able to use that to jump to other computers within the destination network.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Set it up similar to this -

Or if you control both ends, just put an ACL on the opposite end tunnel's inside interface that restricts traffic to your other network (allow the one IP and deny all others in the subnet.)


Brent
Systems Engineer / Consultant
CCNP, CCSP
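
The two approaches described in the replies above, written out as an added example that is not from any poster in this thread. It assumes pre-8.3 ASA syntax (`nat (inside) 0` exemption) and constructed values throughout: local LAN 192.168.1.0/24, protected host 192.168.1.10, remote LAN 10.2.0.0/24, peer 203.0.113.2, and all ACL, crypto map and transform-set names.

```cisco
! --- Site A: the ASA 5505 in front of the protected host (constructed values) ---

! Too broad: the whole local LAN would be interesting traffic
! access-list VPN-TO-B extended permit ip 192.168.1.0 255.255.255.0 10.2.0.0 255.255.255.0

! Restricted: only the one host is interesting traffic
access-list VPN-TO-B extended permit ip host 192.168.1.10 10.2.0.0 255.255.255.0

! The NAT bypass ACL carries the same host-only match
access-list NONAT extended permit ip host 192.168.1.10 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp enable outside

crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key CHANGE-ME-PLACEHOLDER

! --- Site B alternative (second reply): filter on the far end's inside interface ---
! Allow the one IP, deny the rest of site A's subnet, leave other traffic alone
access-list INSIDE-IN extended permit ip 10.2.0.0 255.255.255.0 host 192.168.1.10
access-list INSIDE-IN extended deny ip 10.2.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list INSIDE-IN extended permit ip any any
access-group INSIDE-IN in interface inside
```

The crypto ACL on site B must mirror site A's (source 10.2.0.0/24, destination host 192.168.1.10), otherwise the proxy identities will not match and the tunnel will not come up.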
 