IPsec tunnel how do you restrict which networks can be accessed?



  • I am starting to look at linking up two sites, one site (site1) has a Cisco ASA device and the other a pfSense box (site2).

    I can see how to basically configure IPsec however I was wondering if there is anyway to restrict what networks can be accessed by site1, at the site2 end.

    Can anyone help/comment?



  • Hi,

    sure use Firewall rules.

    go to Firewall -> Ipsec and restrict incomming traffic by setting up rules like this:

    Example: Rule to permit only HTTP Traffic to ur Site2 LAN:

    Proto Source       Port   Destination                   Port  Gateway Queue Schedule Description
      *        site1_lan         *     Site2-LAN net(or IP)      80               * none

    Hope This helps.

    Cya


Log in to reply