[VPN] Complete VPN access to all PIX interfaces

jmondaca at entelsa.entelnet.bo jmondaca at entelsa.entelnet.bo
Thu Apr 24 12:20:16 EDT 2003


I have a PIX 6.2 with 6 interfaces and VPN client 3.0. I have configured
the firewall to permit a VPN connection using the following configuration:

access-list 100 permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.255.0
nat (dmz2) 0 access-list 100
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set myset
crypto map newmap 20 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
* and the configuration of the vpngroup and isakmp

The problem is that I only want the VPN client to access my x.x.x.x network
in dmz2, but the VPN client can access all the computers in the internal,
dmz1, dmz3, etc. (all the interfaces).

Thanks in advance.
                                                                            
_______________________________________
Jorge Mondaca
Gerencia Seguridad Corporativa
(591) 2-2313030 ext 2021
(591) 72029832




