https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376753#M1059644 <HTML><HEAD></HEAD><BODY><P>i will try to make some acls matchingthe intersting traffic on the inside interface , the sysopt command only overwrites the acl on the outside interface </P></BODY></HTML> Tue, 18 Jan 2005 23:55:16 GMT carlogon 2005-01-18T23:55:16Z https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376751#M1059639 <P>Does anyone have any idea on controlling VPN client access once they get connected thru VPN (PIX).</P><P></P><P>I tried using access-list but it does not filter out correct as defined by ports.</P><P></P> Fri, 21 Feb 2020 07:44:57 GMT https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376751#M1059639 jeffrey.chong 2020-02-21T07:44:57Z https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376752#M1059641 <HTML><HEAD></HEAD><BODY><P>The sysopt permit Ipsec will overide the acls on the interfaces for your vpn traffic. You will need to take the sysopt out. Then on the outside interface build your ACL to allow isakmp and ESP/AH traffic. Once you do that you can now limit your traffic per ACL on the outside or inside interface. That it is up to you and your security policy.</P></BODY></HTML> Tue, 16 Nov 2004 15:48:03 GMT https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376752#M1059641 jay_colby 2004-11-16T15:48:03Z https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376753#M1059644 <HTML><HEAD></HEAD><BODY><P>i will try to make some acls matchingthe intersting traffic on the inside interface , the sysopt command only overwrites the acl on the outside interface </P></BODY></HTML> Tue, 18 Jan 2005 23:55:16 GMT https://community.cisco.com/t5/network-security/controlling-vpn-client-access-on-pix/m-p/376753#M1059644 carlogon 2005-01-18T23:55:16Z