I have a PIX 515E at my main site and some remote routers [PIX and Netopia]
that are coming in as IPsec peer-to-peer connections.
Currently my remotes have static IPs, and I have sysopt connection permit-ipsec enabled. Is there any way to remove the [sysopt connection permit-ipsec]
and set up the remote IPs only for permit ipsec?
Currently if I do an Nmap scan of my PIX 515E from a remote network it shows UDP port 500 open. I like to keep ports locked down for only remote IPs I allow.
I've talked to a few people about this, including a couple of Cisco PIX support personnel, but never got a full explanation on how to make it work.
TIA
Rod