VPN3000 LAN-to-LAN tunnel question.


I have a question in regards to a LAN-to-LAN tunnel with a vendor (extranet) using a VPN 3005. We would like to initiate the connection from our side only, so that only our side has the ability to initiate connections to computers on the vendor's side, and the vendor's side is unable to initiate connections to our computers while the tunnel is up. Is this possible? Or will we need some IPS/IDS to stop initial connections from the vendor's side? I hope this is clear enough.



You could apply a filter to the LAN-to-LAN tunnel (requires Concentrator 3.6 or later) which contains rules to permit only established connections (assuming your applications use TCP) inbound to your Concentrator.

The filters on the Concentrator are stateless, so you need to permit connections in both directions.

If your Concentrator Private interface terminates on a firewall, then manage the traffic flows at that point.



Matthew Melbourne
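To make the "stateless established filter" behaviour concrete, here is an added example (not part of the thread and not Concentrator configuration) that models the rule set the reply describes in Python. The addresses (10.1.0.0/24 for our LAN, 192.168.50.0/24 for the vendor) are assumed for illustration. It applies the classic stateless "established" test (TCP segment with ACK or RST set) to a few constructed packets, showing which flows a vendor-initiated SYN, our own SYN, the vendor's SYN/ACK reply, a UDP reply and an unsolicited ACK would get.

```python
"""Model of a stateless 'established' TCP filter on a LAN-to-LAN tunnel.

Added illustration for the thread above; the networks are assumed, not taken
from the original post, and the rule evaluation is a simplified model rather
than the Concentrator's own filter engine.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet

OUR_NET = ip_network("10.1.0.0/24")          # assumed: our private LAN
VENDOR_NET = ip_network("192.168.50.0/24")   # assumed: vendor (extranet) LAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp", "udp" or "icmp"
    flags: FrozenSet[str] = frozenset()   # TCP flags present, e.g. {"SYN"}


def is_established(pkt: Packet) -> bool:
    """Stateless 'established' test: a TCP segment with ACK or RST set.

    A stateless filter has no connection table, so it cannot check whether a
    matching SYN ever left our side; it only looks at the flag bits.
    """
    return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})


def tunnel_filter(pkt: Packet) -> str:
    """Return 'permit' or 'deny' for one packet crossing the tunnel."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # Rule 1: anything we originate toward the vendor may leave.
    if src in OUR_NET and dst in VENDOR_NET:
        return "permit"
    # Rule 2: inbound from the vendor only if it looks like a reply (TCP only).
    if src in VENDOR_NET and dst in OUR_NET and is_established(pkt):
        return "permit"
    # Rule 3: implicit deny for everything else, including vendor-initiated SYNs.
    return "deny"


def evaluate_samples() -> Dict[str, str]:
    """Run constructed sample packets through the filter and return the verdicts."""
    samples = {
        # We open a connection to a vendor host.
        "our_syn": Packet("10.1.0.10", "192.168.50.20", "tcp", frozenset({"SYN"})),
        # The vendor host answers our SYN.
        "vendor_synack": Packet("192.168.50.20", "10.1.0.10", "tcp",
                                frozenset({"SYN", "ACK"})),
        # The vendor tries to initiate a connection to us: blocked.
        "vendor_syn": Packet("192.168.50.20", "10.1.0.10", "tcp", frozenset({"SYN"})),
        # A UDP reply (e.g. to our DNS or NTP query): dropped, because the
        # 'established' test only works for TCP; this is the reply's TCP caveat.
        "vendor_udp_reply": Packet("192.168.50.20", "10.1.0.10", "udp"),
        # An unsolicited ACK-only segment from the vendor side: permitted,
        # because a stateless filter cannot tell it apart from a real reply.
        "vendor_ack_probe": Packet("192.168.50.20", "10.1.0.10", "tcp",
                                   frozenset({"ACK"})),
    }
    return {name: tunnel_filter(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:18s} -> {verdict}")
```

The two verdicts worth dwelling on are `vendor_udp_reply` and `vendor_ack_probe`: the first shows why the reply qualifies its answer with "assuming your applications use TCP", and the second shows the limit of a stateless rule, since an unsolicited segment with ACK set passes the filter and reaches our host (whose TCP stack will typically answer with a RST). A stateful firewall on the Private interface, as the reply's last paragraph suggests, is what closes that gap.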

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.