02-05-2003 09:38 AM - edited 02-21-2020 12:19 PM
I need to set up a VPN between a PIX firewall and a NetScreen firewall. The problem is that I need to secure it down to certain hosts in both networks.
How can I stop certain hosts from connecting from the remote site?
Can the access list that defines IPsec traffic be set up to stop these remote hosts?
02-05-2003 03:25 PM
Hi Nicholls,
You can definitely achieve that by keeping the interesting-traffic access-list to just the specific hosts that you want to go through the IPsec tunnel.
Hope this helps,
Regards,
Aamir Waheed,
Cisco Systems, Inc.
-=-=-
02-06-2003 12:03 AM
Does the access list only work one way, i.e. will it only look at the source address to see if the packet is to be encrypted? Am I correct in assuming that when an IPsec packet comes into the firewall from the remote side, the access list ignores this packet?
i.e. if you have
access-list vpn permit ip host 192.168.1.2 (local) host 172.1.1.1 (remote)
Would this stop host 172.1.1.2 from initiating a connection to 192.168.1.2?
02-07-2003 09:01 AM
You are correct: your local firewall will drop the packet when remote host 172.1.1.2 initiates a connection.
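To make the behaviour the answers describe concrete, here is an added Python model (not PIX code and not from any poster) of how a crypto access-list is evaluated in both directions: an outbound cleartext packet is matched source-to-destination to decide whether it is encrypted, and a packet that has just been decrypted on the way in is checked against the mirror image of the same entries and dropped when nothing fits. The ACL line is the one from the question above; the parser handles only the `access-list NAME permit ip` subset of PIX syntax, and the mask form assumes a subnet mask as PIX uses, not a wildcard mask.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class CryptoAce:
    """One crypto ACL entry: local (inside) side and remote (peer) side."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def _take_spec(tokens):
    """Consume one address spec: 'host A', 'any', or 'NET MASK'."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # PIX access-lists take a real subnet mask (e.g. 255.255.255.0)
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_crypto_acl(lines):
    """Parse 'access-list NAME permit ip SRC DST' lines into CryptoAce entries."""
    aces = []
    for line in lines:
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:4] != ["permit", "ip"]:
            raise ValueError(f"unsupported line: {line!r}")
        src, rest = _take_spec(tokens[4:])
        dst, _ = _take_spec(rest)
        aces.append(CryptoAce(local=src, remote=dst))
    return aces


def classify(aces, src, dst, direction):
    """Outbound: 'encrypt' if src->dst matches an entry, else 'clear' (left to
    normal policy). Inbound (already decrypted): 'accept' if the mirrored
    remote->local pair matches, else 'drop'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if direction == "outbound" and s in ace.local and d in ace.remote:
            return "encrypt"
        if direction == "inbound" and s in ace.remote and d in ace.local:
            return "accept"
    return "clear" if direction == "outbound" else "drop"


# Constructed ACL taken from the question in this thread.
CRYPTO_ACL = parse_crypto_acl(["access-list vpn permit ip host 192.168.1.2 host 172.1.1.1"])
```

Because the NetScreen side must carry the mirror image of these same entries, a host not listed on one side is rejected by the other even if its own firewall tried to tunnel it.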