
Securing VPN

s.nicholls
Level 1

I need to set up a VPN between a PIX firewall and a Netscreen firewall. The problem is that I need to secure it down to certain hosts in both networks.

How can I stop certain hosts from connecting from the remote site?

Can the access list that defines IPsec traffic be set up to stop these remote hosts?

3 Replies

awaheed
Cisco Employee

Hi Nicholls,

You can definitely achieve that by keeping the interesting-traffic access list to just the specific hosts that you want to go through the IPsec tunnel.

Hope this helps,

Regards,

Aamir Waheed,

Cisco Systems, Inc.

-=-=-

Does the access list only work one way, i.e. will it only look at the source address to see if the packet is to be encrypted? Am I correct in assuming that when an IPsec packet comes into the firewall from the remote side, the access list ignores this packet?

i.e. if you have

access-list vpn permit ip host 192.168.1.2 host 172.1.1.1   (192.168.1.2 = local, 172.1.1.1 = remote)

Would this stop host 172.1.1.2 from initiating a connection to 192.168.1.2?

You are correct, your local firewall will drop the packet when remote host 172.1.1.2 initiates a connection.
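To make the behaviour discussed in this thread concrete, here is an added example (not from the thread or from Cisco) that models how a crypto (interesting-traffic) access list is evaluated: cleartext packets leaving the local side are matched source->destination, and decrypted packets arriving from the peer are matched against the mirror of the same entries, so a remote host not named in the ACL is dropped even though it arrived inside the tunnel. The parser handles the `host A` and `A MASK` forms of a PIX `access-list ... permit ip` line; the sample ACL is the one quoted above.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

class CryptoAce(NamedTuple):
    """One 'permit ip <src> <dst>' entry of a crypto access list."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'host A' or 'A MASK' (PIX access lists use subnet masks) at tokens[i]."""
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_crypto_acl(config: str) -> List[CryptoAce]:
    """Collect the entries of every 'access-list <name> permit ip ...' line."""
    acl = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2:4] != ["permit", "ip"]:
            continue
        src, i = _parse_addr(tokens, 4)
        dst, _ = _parse_addr(tokens, i)
        acl.append(CryptoAce(src, dst))
    return acl

def _in(addr: str, net: ipaddress.IPv4Network) -> bool:
    return ipaddress.ip_address(addr) in net

def protected_outbound(acl: List[CryptoAce], src: str, dst: str) -> bool:
    """Cleartext packet leaving the local network: encrypted only if an ACE matches src->dst."""
    return any(_in(src, a.src) and _in(dst, a.dst) for a in acl)

def accepted_inbound(acl: List[CryptoAce], src: str, dst: str) -> bool:
    """Decrypted packet from the peer: the ACL is applied mirrored (dst->src),
    so traffic from an unlisted remote host does not match and is dropped."""
    return any(_in(dst, a.src) and _in(src, a.dst) for a in acl)

# Constructed sample: the single entry quoted in the thread (local 192.168.1.2, remote 172.1.1.1).
SAMPLE_ACL = "access-list vpn permit ip host 192.168.1.2 host 172.1.1.1"

def demo() -> dict:
    acl = parse_crypto_acl(SAMPLE_ACL)
    return {
        "192.168.1.2 -> 172.1.1.1 encrypted": protected_outbound(acl, "192.168.1.2", "172.1.1.1"),
        "172.1.1.1 -> 192.168.1.2 accepted": accepted_inbound(acl, "172.1.1.1", "192.168.1.2"),
        "172.1.1.2 -> 192.168.1.2 accepted": accepted_inbound(acl, "172.1.1.2", "192.168.1.2"),
        "192.168.1.3 -> 172.1.1.1 encrypted": protected_outbound(acl, "192.168.1.3", "172.1.1.1"),
    }

if __name__ == "__main__":
    for flow, result in demo().items():
        print(f"{flow}: {result}")
```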