VPNs on PIX and the sysopt command

robin
Level 1

I have set up a VPN between 2 PIX firewalls and it works fine but I have a problem with the sysopt connection command which assumes you explicitly trust all traffic from the other network which may not be the case.

Is there any way of filtering traffic per ipsec policy or how do you set up a vpn without this command? (all the sample configs use it).

Thanks in Advance,

Robin

1 Reply

rrbleeker
Level 1

You can set an access-list with networks that are allowed to pass the VPN connection. By using the 'crypto map <#> match address ' it will be related to the VPN session of your choice.

The other side of the connection requires a similar (but mirrored) access-list.

I hope this answers your question.
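The configuration below is an added illustration of the reply above; it is not from the original thread or from Cisco documentation. It uses PIX 6.x syntax with constructed addresses (10.1.1.0/24 behind the local PIX, 10.2.2.0/24 behind the peer, peer address 192.0.2.2) and a placeholder pre-shared key. Two points the reply leaves implicit are worth making explicit for a defender: the `match address` access-list only selects which traffic is encrypted and sent through the tunnel, and `sysopt connection permit-ipsec` is what lets decrypted traffic skip the outside interface's access-list. If that sysopt line is left out, decrypted traffic is checked against the outside interface access-group like any other inbound traffic, which is where per-host and per-port filtering of the remote network belongs.

```cisco
! ---- Local PIX (10.1.1.0/24 side) ----
! Crypto ACL: selects traffic to be protected by this crypto map entry.
! This is what "crypto map <name> <seq> match address <acl>" references.
access-list vpn-traffic permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

! Exempt tunnel traffic from NAT so the private addresses survive the tunnel.
nat (inside) 0 access-list vpn-traffic

! IKE phase 1 (constructed parameters; the key is a placeholder).
isakmp enable outside
isakmp key PLACEHOLDER_PRESHARED_KEY address 192.0.2.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! IPsec phase 2.
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address vpn-traffic
crypto map outside_map 10 set peer 192.0.2.2
crypto map outside_map 10 set transform-set strong
crypto map outside_map interface outside

! Deliberately NOT configured:
!   sysopt connection permit-ipsec
! Without it, decrypted packets from 10.2.2.0/24 must be permitted by the
! outside interface ACL below, so the remote network is not implicitly trusted.

! Interface ACL: only the remote network, and only to the services we choose.
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq 443
access-list outside_in permit udp 10.2.2.0 255.255.255.0 host 10.1.1.20 eq 53
access-list outside_in deny ip 10.2.2.0 255.255.255.0 any
access-group outside_in in interface outside

! ---- Peer PIX (10.2.2.0/24 side): mirrored crypto ACL ----
! Source and destination are swapped relative to the local side.
access-list vpn-traffic permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpn-traffic
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address vpn-traffic
crypto map outside_map 10 set peer 192.0.2.1
crypto map outside_map 10 set transform-set strong
crypto map outside_map interface outside
```

The crypto ACLs on the two sides must mirror each other exactly, or phase 2 negotiation fails with a proxy-identity mismatch. The interface ACL, by contrast, does not need to match the peer's; each side filters what it is willing to accept from the tunnel independently.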