11-15-2004 08:02 PM - edited 02-20-2020 11:44 PM
Does anyone have any idea on controlling VPN client access once they get connected through VPN (PIX)?
I tried using an access-list but it does not filter correctly as defined by ports.
11-16-2004 07:48 AM
The sysopt permit Ipsec will override the ACLs on the interfaces for your VPN traffic. You will need to take the sysopt out. Then on the outside interface build your ACL to allow ISAKMP and ESP/AH traffic. Once you do that you can limit your traffic per ACL on the outside or inside interface. That is up to you and your security policy.
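The steps from the reply above as a PIX 6.x configuration sketch, added here as an example and not posted by any participant in the thread. The ACL name `outside_in`, the outside address 192.0.2.1, the client pool 10.10.10.0/24 and the inside server 192.168.1.10 are assumed values.

```cisco
no sysopt connection permit-ipsec
access-list outside_in remark assumed value: 192.0.2.1 is the PIX outside address
access-list outside_in permit udp any host 192.0.2.1 eq isakmp
access-list outside_in permit esp any host 192.0.2.1
access-list outside_in permit ah any host 192.0.2.1
access-list outside_in remark assumed values: client pool 10.10.10.0/24, server 192.168.1.10
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list outside_in deny ip 10.10.10.0 255.255.255.0 any
access-group outside_in in interface outside
```

With the sysopt removed, decrypted client traffic is checked against this ACL using the clients' pool addresses, so the pool-to-server entries are what restrict the VPN users by port.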
01-18-2005 03:55 PM
I will try to make some ACLs matching the interesting traffic on the inside interface; the sysopt command only overwrites the ACL on the outside interface.