https://community.cisco.com/t5/network-security/pix-520-reflexive-access-list/m-p/425200#M557506 <HTML><HEAD></HEAD><BODY><P>You can try to remove "sysopt connection permit-ipsec"</P><P></P></BODY></HTML> Sat, 04 Jun 2005 17:20:56 GMT a.alekseev 2005-06-04T17:20:56Z https://community.cisco.com/t5/network-security/pix-520-reflexive-access-list/m-p/425199#M557502 <P>We require a site to site connection across the internet for a customer. The customer requires connectivity from the Head Office to all devices at the remote site with return data. </P><P>The customer does not want the remote site to be able to initiate access to devices at the Head Office.</P><P>This can be done using a reflexive access list in a router but this is not available on a PIX.</P><P>We need to be able to do the equivalent in a PIX 520.</P><P>Note we can not use the inside interface of the PIX on the internet side as this is a security issue.</P> Fri, 21 Feb 2020 08:11:11 GMT https://community.cisco.com/t5/network-security/pix-520-reflexive-access-list/m-p/425199#M557502 jcrncich 2020-02-21T08:11:11Z https://community.cisco.com/t5/network-security/pix-520-reflexive-access-list/m-p/425200#M557506 <HTML><HEAD></HEAD><BODY><P>You can try to remove "sysopt connection permit-ipsec"</P><P></P></BODY></HTML> Sat, 04 Jun 2005 17:20:56 GMT https://community.cisco.com/t5/network-security/pix-520-reflexive-access-list/m-p/425200#M557506 a.alekseev 2005-06-04T17:20:56Z