IPsec tunnel how do you restrict which networks can be accessed?
richc last edited by
I am starting to look at linking up two sites, one site (site1) has a Cisco ASA device and the other a pfSense box (site2).
I can see how to basically configure IPsec however I was wondering if there is anyway to restrict what networks can be accessed by site1, at the site2 end.
Can anyone help/comment?
spiritbreaker last edited by
sure use Firewall rules.
go to Firewall -> Ipsec and restrict incomming traffic by setting up rules like this:
Example: Rule to permit only HTTP Traffic to ur Site2 LAN:
Proto Source Port Destination Port Gateway Queue Schedule Description
* site1_lan * Site2-LAN net(or IP) 80 * none
Hope This helps.