VPN3000 LAN-to-LAN tunnel question.

Discussion in 'Cisco' started by terry_zarelli@yahoo.com, Jun 11, 2005.

  1. Guest

    Hello,

    I have a question in regards to LAN-to-LAN tunnel with a
    vendor (extranet) using a VPN 3005. We would like to initiate the
    connection from our side only and on our side only have the ability to
    initiate connections to computers on the vendor's side; and on the
    vendor's side disable their ability to initiate connections to our
    computers on our side while the tunnel is up. Is this possible? Or,
    will we need some IPS/IDS to stop initial connections from the vendor's
    side? I hope this is clear enough.

    Thanks.
     
    , Jun 11, 2005
    #1

  2. In article <>,
    <> wrote:
    > Hello,
    >
    > I have a question in regards to LAN-to-LAN tunnel with a
    > vendor (extranet) using a VPN 3005. We would like to initiate the
    > connection from our side only and on our side only have the ability to
    > initiate connections to computers on the vendor's side; and on the
    > vendor's side disable their ability to initiate connections to our
    > computers on our side while the tunnel is up. Is this possible? Or,
    > will we need some IPS/IDS to stop initial connections from the vendor's
    > side? I hope this is clear enough.


    You could apply a filter to the LAN-to-LAN tunnel (requires Concentrator
    3.6 or later) which contains rules to permit only established connections
    (assuming your applications use TCP) inbound to your Concentrator.

    The filters on the Concentrator are stateless, so you need to permit
    connections in both directions.

    If your Concentrator Private interface terminates on a firewall, then
    manage the traffic flows at that point.

    Cheers,

    Matt

    --
    Matthew Melbourne
     
    Matthew Melbourne, Jun 11, 2005
    #2
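A model of the stateless "established only" inbound rule described in the reply above, added here as an illustration; it is not code from the thread and is not Concentrator configuration. The networks, hosts and traces are constructed, and the last trace shows why the reply also points to a firewall: a flag-only match cannot tell whether an ACK segment belongs to a connection we opened.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): our LAN and the vendor's LAN.
OUR_NET = ip_network("10.1.0.0/16")
VENDOR_NET = ip_network("192.168.50.0/24")

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset  # TCP flags set on this one segment

def seg(src, dst, *flags):
    return Segment(src, dst, frozenset(flags))

def looks_established(s):
    # Stateless test: only this segment's flags are inspected, no
    # connection table. ACK or RST set means "not an opening SYN".
    return bool(s.flags & {"ACK", "RST"})

def tunnel_filter(s):
    """Return 'forward' or 'drop' for one TCP segment crossing the tunnel."""
    src, dst = ip_address(s.src), ip_address(s.dst)
    if src in OUR_NET and dst in VENDOR_NET:
        return "forward"  # outbound rule: our side may open connections
    if src in VENDOR_NET and dst in OUR_NET:
        # inbound rule: only segments that look like replies
        return "forward" if looks_established(s) else "drop"
    return "drop"  # default deny for anything else

def evaluate(trace):
    return [tunnel_filter(s) for s in trace]

US, THEM = "10.1.0.20", "192.168.50.7"  # constructed hosts
# Connection opened from our side: handshake plus one data segment back.
OUR_SESSION = [seg(US, THEM, "SYN"), seg(THEM, US, "SYN", "ACK"),
               seg(US, THEM, "ACK"), seg(THEM, US, "PSH", "ACK")]
# Vendor side tries to open a connection to us.
VENDOR_OPEN = [seg(THEM, US, "SYN")]
# Inbound ACK with no matching connection: passes a flag-only filter,
# would be rejected by a stateful firewall behind the Private interface.
STRAY_ACK = [seg(THEM, US, "ACK")]

if __name__ == "__main__":
    for name, trace in [("our session", OUR_SESSION),
                        ("vendor open", VENDOR_OPEN),
                        ("stray ACK", STRAY_ACK)]:
        print(f"{name:12} {evaluate(trace)}")
```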
