PIX VPN Client ACL problem

gokada
Level 1

I have a PIX 506e that terminates VPN Clients. Using the Cisco example (nat 0 access-list 80) does not provide for port/protocol mapping. Do you know any way that we can protect our inside resources by defining host-to-host/port-to-port protocol mapping?

Here's what I get:

Firewall(config)# nat (inside) 0 access-list 80

WARNING: access-list protocol or port will not be used

How can I specify protocols as well as IPs?

1 Reply

llascare
Level 1

The "nat 0 access-list 80" command is only used by the PIX to bypass NAT for the VPN traffic. If you don't have any other VPN configurations, then remove the "sysopt connection permit-ipsec" command, and add inbound access lists on the outside interface, in order to allow/deny certain ports.
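The approach described in the reply, written out as an added PIX 6.x configuration example (not the poster's configuration): the nat 0 ACL only exempts traffic from NAT, the sysopt bypass is removed, and an inbound ACL on the outside interface does the per-host, per-port filtering of decrypted VPN client traffic. The inside subnet 10.1.1.0/24, the client pool 192.168.100.0/24, the server addresses and the ACL name outside_in are constructed for illustration.

```text
! Address pool handed to VPN clients (constructed example range)
ip local pool vpnpool 192.168.100.1-192.168.100.50

! NAT exemption only: the PIX ignores protocol/port here, as the WARNING says,
! so keep this ACL a plain "permit ip" between inside and the client pool
access-list 80 permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list 80

! Without this sysopt, decrypted IPsec traffic is checked against the
! outside interface access list instead of bypassing it
no sysopt connection permit-ipsec

! Per-host, per-port policy for VPN clients (constructed hosts and ports):
! allow RDP to one server and SMB to a file server, deny everything else
! from the client pool into the inside network
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.10 eq 3389
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.20 eq 445
access-list outside_in deny ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-group outside_in in interface outside
```

The explicit deny line is optional (the ACL has an implicit deny), but it makes "show access-list" hit counters show what the clients are being blocked from, which is useful when tightening the policy.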