03-19-2003 04:16 PM - edited 02-21-2020 12:25 PM
i have the following setup:
pcwithvpnclient----(in1)---pix1---(out1)---internet---(out2)---pix2---(in2)
say i establish a vpn between the client and pix2.
once that vpn is established, will that make the pc with the vpn client vulnerable to the user on in2? that is, i understand that i will be able to make requests to the hosts on in2, but will those hosts be able to do stuff to the pcvpnclient?
03-19-2003 09:54 PM
Hi,
it depends on your access-rules on pix 2. If the VPN-tunnel is established then all traffic matching the crypto config is forwarded to the tunnel endpoint. Stateful inspection (conn-table, xlate, fixup, etc) is working of course. So define access-rules that allow exactly what your client needs and reject all unwanted traffic.
Hope this helps
Norbert
03-20-2003 07:17 AM
so what you're saying is i should create access lists to deny specific traffic over the established vpn to this pc? what i was worried about is that i know i will be able to reach the in2 on pix2 no problem, but i don't want anything on in2 to be able to do stuff to my pc on in1.
thanks,
c.
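The access-rule approach discussed in this thread, sketched as an added example that is not from any of the posters: an ACL on pix2's inside interface that stops hosts on in2 from opening connections toward the VPN client while the client can still reach in2. The addresses (in2 = 10.2.0.0/24, VPN client address pool = 10.99.0.0/24), the ACL name `inside_in` and the interface name `inside` are assumptions, as is the client receiving a pool address from pix2.

```text
! Added example for pix2 (PIX 6.x style syntax). All addresses are constructed:
!   in2 network      = 10.2.0.0 255.255.255.0   (assumption)
!   VPN client pool  = 10.99.0.0 255.255.255.0  (assumption)
!
! Without an ACL on the inside interface, traffic from the higher-security
! inside network is permitted outbound, so in2 hosts can initiate connections
! to the client through the tunnel. The ACL below filters traffic entering
! the inside interface, i.e. traffic sourced from in2.

! ICMP is not tracked in the connection table, so echo replies to the
! client's own pings need an explicit permit. Omit this line if the client
! does not need to ping hosts on in2.
access-list inside_in permit icmp 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0 echo-reply

! Block every new flow that in2 hosts try to open toward the VPN client pool.
! Replies to TCP/UDP connections the client opened match an existing conn
! entry and are still forwarded.
access-list inside_in deny ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0

! Keep the remaining outbound behaviour of in2 as it was before the ACL.
access-list inside_in permit ip any any

! Bind the ACL to traffic arriving on the inside interface.
access-group inside_in in interface inside
```

`show access-list inside_in` displays hit counts per entry, which shows whether anything on in2 is attempting to reach the client pool.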