[VPN] Cisco PIX Site-to-site IPSec VPN tunnel and access-lists
Joshua Vince
joshv at bcgsys.com
Thu Sep 19 11:53:40 EDT 2002
Thanks, I didn't know that!
But you can take out this line:
sysopt connection permit-ipsec
Then apply an inbound access-list to your outside interface like:
access-list inbound_acl permit tcp host 192.168.1.15 eq 1494 host 172.16.1.25
access-group inbound_acl in interface outside
And this will let the VPN tunnel be set up, and then only allow 1494
(ICA) traffic from the remote host on the VPN (172.16.1.25) to the local
host on the VPN (192.168.1.15).
Josh
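A PIX 6.x configuration fragment that puts the two pieces of this thread together: the host-to-host crypto ACL that defines interesting traffic, and an interface ACL that takes over filtering once sysopt connection permit-ipsec is removed. This is an added example, not configuration posted by anyone in the thread; the crypto map, transform-set and NAT-exemption names, the peer address 203.0.113.2, and the assumption that 192.168.1.15 is the local ICA server and 172.16.1.25 the remote client are mine.

```cisco
! Interesting traffic for the tunnel: IP only, host to host.
! Layer 4 operators (eq, range) in this ACL are ignored by the PIX, so the
! crypto ACL cannot be used to filter by port.
access-list VPNTraffic permit ip host 192.168.1.15 host 172.16.1.25

! Exempt the tunnel traffic from NAT (assumed names; nat 0 assumed in use).
access-list NoNAT permit ip host 192.168.1.15 host 172.16.1.25
nat (inside) 0 access-list NoNAT

! Crypto map tying the interesting-traffic ACL to the remote peer.
! The isakmp policy and preshared key already present in the original
! configuration are omitted here.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address VPNTraffic
crypto map VPNMAP 10 set peer 203.0.113.2
crypto map VPNMAP 10 set transform-set ESP-3DES-SHA
crypto map VPNMAP interface outside

! sysopt connection permit-ipsec lets decrypted IPsec traffic bypass the
! interface ACLs entirely, which is why the tunnel gives unlimited access.
! Disabling it makes decrypted packets subject to the outside ACL.
no sysopt connection permit-ipsec

! Permit only ICA (TCP 1494) from the remote host to the local server;
! stateful inspection allows the return flow without a separate entry.
access-list inbound_acl permit tcp host 172.16.1.25 host 192.168.1.15 eq 1494
access-group inbound_acl in interface outside
```

Note that inbound_acl now governs everything entering the outside interface, not just the decrypted traffic, so any other inbound permits the PIX previously relied on must be carried over into it; show access-list shows per-entry hit counts for confirming what is actually matching.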
-----Original Message-----
From: shannong [mailto:shannong at texas.net]
Sent: Thursday, September 19, 2002 1:23 AM
To: vpn at lists.shmoo.com
Subject: RE: [VPN] Cisco PIX Site-to-site IPSec VPN tunnel and
access-lists
The crypto access-lists that define interesting traffic on the Pix
cannot have layer 4 operators. Although you won't get errors, the
access lists called in crypto maps can only reference ip traffic for
hosts and networks.
-----Original Message-----
From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
Behalf Of Joshua Vince
Sent: Saturday, September 14, 2002 10:06 PM
To: Sergey Esin; vpn at lists.shmoo.com
Subject: RE: [VPN] Cisco PIX Site-to-site IPSec VPN tunnel and
access-lists
Use the access-lists you set up to define interesting traffic. In
other words, instead of making those access lists cover whole network
ranges, do something like:
access-list VPNTraffic permit ip host 192.168.1.15 host 172.16.1.25
and if you want to only allow certain traffic, you can do that too with
eq etc.
Josh
-----Original Message-----
From: Sergey Esin [mailto:sergey.esin at orcsoftware.spb.ru]
Sent: Friday, September 13, 2002 10:44 AM
To: vpn at lists.shmoo.com
Subject: [VPN] Cisco PIX Site-to-site IPSec VPN tunnel and access-lists
Hello,
I have a Cisco PIX 506e (software version 6.2) and Cisco 515 LAN-to-LAN
VPN with a preshared key set up. So I have unlimited access between the
VPN-connected networks. My configuration is very similar to the one shown at
http://www.cisco.com/warp/public/110/38.html
How can I restrict access between the VPN-connected networks?
Thanks,
Sergey
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn