[VPN] VPN on Cisco PIX
Dana J. Dawson
djdawso at qwest.com
Wed Apr 30 13:09:39 EDT 2003
Actually, you can, but you have to remove the "sysopt connection permit-pptp"
command that is usually used. In this case, you have to permit all the incoming
traffic to the PIX with an access-list (or conduit, I suppose), including the
PPTP traffic (GRE and TCP/1723). Since you're using an access-list to allow
that traffic, you can also restrict the source, which is what you want.
HTH
Dana
--
Dana J. Dawson djdawso at qwest.com
Senior Staff Engineer CCIE #1937
Qwest Communications (612) 664-3364
600 Stinson Blvd., Suite 1S (612) 664-4779 (FAX)
Minneapolis MN 55413-2620
"Hard is where the money is."
shannong wrote:
> No. VPDN cannot be restricted by IP on the Pix. Instead, you'll need
> to use an ACL on the router in front. You can do real VPNs using IPSec
> and specify the IPs that can have access by defining their pre-shared
> keys for IKE. All others will fail.
>
> -Shannon
>
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
> Behalf Of silvia ghezzi
> Sent: Tuesday, April 29, 2003 2:27 AM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN on Cisco PIX
>
> Hello,
>
> I have enabled a PPTP VPN to my CISCO PIX, but I
> cannot find the way to filter the public source IP
> address to establish VPN with PIX, so at the moment
> everybody can create a VPN with us and we don't want
> this.
>
> Is there a way to prevent this?
>
> Many thanks
> Regards
>
> Silvia
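
To check a saved configuration for the condition discussed in this thread, the following is an added example and not code from any poster: it flags the `sysopt connection permit-pptp` bypass and any ACL line that permits PPTP (GRE or TCP/1723) from an unrestricted source. The ACL name `outside_in`, the addresses, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample PIX configuration (not from the thread);
# addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp host 203.0.113.10 host 198.51.100.1 eq 1723
access-list outside_in permit gre host 203.0.113.10 host 198.51.100.1
access-list outside_in permit tcp any host 198.51.100.1 eq 1723
access-group outside_in in interface outside
sysopt connection permit-pptp
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|gre)\s+(.*)$")
# Assumption: the port may be stored as the number or as the literal "pptp".
PPTP_PORT_RE = re.compile(r"\beq\s+(1723|pptp)\s*$")


def source_of(rest):
    """Return the source part of an ACL tail: 'any' or the first two tokens."""
    tok = rest.split()
    if not tok:
        return ""
    return "any" if tok[0] == "any" else " ".join(tok[:2])


def audit_pptp(config):
    """Return (kind, line) findings for PPTP exposure in a PIX config."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "sysopt connection permit-pptp":
            # PPTP bypasses access-list checks, so source limits do not apply.
            findings.append(("bypass", line))
            continue
        m = ACL_RE.match(line)
        if not m:
            continue
        proto, rest = m.group(2), m.group(3)
        is_pptp = proto == "gre" or bool(PPTP_PORT_RE.search(rest))
        if is_pptp and source_of(rest) in ("any", "0.0.0.0 0.0.0.0"):
            findings.append(("open-source", line))
    return findings
```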