VPN3000 LAN-to-LAN tunnel question.

- T
- terry_zarelli
  
  Contact options for registered users
posted
18 years ago

Fri, Jun 10, 2005 11:26 PM

Hello,

I have a question in regards to LAN-to-LAN tunnel with a vendor(extranet) using a VPN 3005. We would like to initiate the connection from our side only and on our side only have the ability to initiate connections to computers on the vendor's side; and on the vendor's side disable their ability to initiate connections to our computers on our side while the tunnel is up. Is this possible? Or, will we need some IPS/IDS to stop initial connections from the vendor's side. I hope this is clear enough.

Thanks.

Loading thread data ...

- M
- Matthew Melbourne
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, Jun 11, 2005 3:12 PM

You could apply a filter to the LAN-to-LAN tunnel (requires Concentrator

3.6 or later) which contains rules to permit only established connections (assuming your applications use TCP) inbound to your Concentrator.

The filters on the Concentrator are stateless, so you need to permit connections in both directions.

If you Concentrator Private interface terminates on a firewall, then manage the traffic flows at that point.

Cheers,

Matt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.