Pix 515E Ipsec Peer ACL

rod.caglia
Level 1

I have a Pix 515E at my main site and some remote routers [Pix and Netopia] that are coming in as IPsec peer-to-peer connections.

Currently my remotes have static IPs, and I have sysopt connection permit-ipsec enabled. Is there any way to remove the [sysopt connection permit-ipsec] and set up the remote IPs only for permit ipsec?

Currently, if I do an NMAP scan of my Pix 515E from a remote network, it shows UDP port 500 open. I like to keep ports locked down for only the remote IPs I allow.

I've talked to a few people about this, including a couple of Cisco Pix support personnel, but never got a full explanation of how to make it work.

TIA

Rod

1 Reply

b-pelphrey
Level 1

I believe you can. I can't remember the exact syntax, but I know you will need (depending on your transform-set) individual ACL statements for each protocol.

Example:

an ACL for the AH portion

an ACL for the ESP portion

an ACL for the ISAKMP portion

I know I have seen this syntax before, and I will look for it. But I am sure if you actually try to configure it on your fw you will be able to figure it out.

Hope this helps, and I will look for the exact syntax.
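As an added illustration of the per-protocol ACL the reply describes (not configuration from either poster), here is a PIX 6.x-style outside ACL that admits ISAKMP, ESP and AH only from one named peer. The peer address 203.0.113.10, the PIX outside address 198.51.100.1 and the LAN ranges are constructed placeholders. Two points a practitioner should keep in mind: the AH line is only needed if the transform-set actually uses AH, and once `sysopt connection permit-ipsec` is removed, the decrypted traffic arriving from the tunnel is also checked by the outside ACL, so the remote LAN must be permitted explicitly or the tunnel will pass no traffic.

```cisco
! Stop IPsec traffic from bypassing the outside interface ACL
no sysopt connection permit-ipsec

! IKE/ISAKMP negotiation (UDP 500) from the allowed peer only
access-list outside_in permit udp host 203.0.113.10 host 198.51.100.1 eq isakmp
! ESP (IP protocol 50) from the allowed peer only
access-list outside_in permit esp host 203.0.113.10 host 198.51.100.1
! AH (IP protocol 51) - include only if the transform-set uses AH
access-list outside_in permit ah host 203.0.113.10 host 198.51.100.1

! Decrypted tunnel traffic is now subject to this ACL too:
! permit the remote LAN (constructed) to reach the main-site LAN (constructed)
access-list outside_in permit ip 192.168.20.0 255.255.255.0 10.0.0.0 255.255.255.0

! Everything else from the outside is implicitly denied
access-group outside_in in interface outside
```

Repeat the three protocol lines for each additional static peer; if any peer sits behind NAT and uses NAT-T, a matching entry for UDP 4500 is needed as well.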