All,

New to the forum so hello!

Just wanted to ask a question that I'm unsure about.

Currently using 3900's for site to site VPN's with no issues. I've been asked however to configure a VPN to a new site that requires host to host (not site to site) connectivity for remote management purposes. Do I simply set the local/remote subnet to a /32 network when configuring the VPN connection parameters?

As an example I have configured LAN configured as 10.230.8.1/24 but only want host 10.230.8.104/32 to be able to communicate over the VPN. I assume that the VPN endpoints are established and then the router only allows packets to flow over it from the specified host?

Excuse my ignorance but never had to do this before.

Regards,

Simon

you could create a firewall policy with the remote lan as the destination and the source as the IP you want to allow but as the selection Inverted and the action set to block.
That way everything else except the specified IP will be blocked to the destination LAN