Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
1
Replies

PIX site to site VPN

j-barrett
Level 1
Level 1

‎04-13-2004 05:59 AM

When doing site-site VPN on PIX and using the "sysopt connection permit-ipsec" command does this mean that once de-crypted all traffic will be allowed through.

Every example of PIX site-site I have looked at makes no mention of any access-lists applied to the outside interface when "sysopt connection permit-ipsec" is configured.

I thought once de-crypted the traffic would then need to match an access-list to continue it's journey to a higher security interface.

Please help, I'm confused.

Labels:
0 Helpful
1 Reply 1

jasobrown
Level 1
Level 1

‎04-13-2004 07:35 AM

You are correct. When using "sysopt connection permit-ipsec" it bypasses all access-list checks. In order to have traffic match acls you need to disable it and include the VPN traffic in you acl on the outside interface.

0 Helpful
Customers Also Viewed These Support Documents