Security e-Series
1748051 Members
5377 Online
108758 Solutions
New Discussion

Filtering ipSec traffic per-tunnel on a MSR router

 
DamirD
Occasional Contributor

Filtering ipSec traffic per-tunnel on a MSR router

Hello,

 

I have a bunch of MSR900 routers connected to a MSR 30/20 (headquarter). At headquarter site, the ipSec tunnels are terminated on the WAN interface. How can I distinguish traffic coming from each of the ipSec interfaces from each other and from the traffic coming in from the WAN interface.

 

E.g. let's suppose the site A has 192.168.100.0/24, site B 192.168.200.0/24 and the headquarter 192.168.0.0/24 at the LAN side and 222.222.223.224 on the WAN. How can I prevent an IP 192.168.200.1 coming from the ISP (WAN) side and still allow just certain services from site A and some other services from site B?

 

Thanks,

 Damir