Access-list for IPSEC tunnel on PIX

Unanswered Question
Jun 13th, 2007


I would like to know if it is possible to filter access for remote networks to access my network on an L2L IPSEC Tunnel.

Actually, I always configure my VPN that way:

access-list ACL_CRYPTO permit ip inside_network remote_network

access-list ACL_NONAT permit ip inside_network remote_network

access-list ACL_INSIDE permit ip inside_network remote_network

and the mirror on the remote site...

I can filter the remote networks on the remote PIX with the ACL_INSIDE, but if I want to filter the remote network on my central PIX... what can I do?



acomiskey Wed, 06/13/2007 - 04:52

Remove sysopt conn permit-ipsec and write access in your interface ACLs. I don't know what version you're running but another option is vpn-filter under the tunnel group policy.
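
Both options from the reply above, as an added configuration example that is not from the original thread or any poster; all addresses, host names and ACL names are constructed placeholders.

```cisco
! Constructed example: 10.1.0.0/24 = HQ inside, 192.168.50.0/24 = remote
! site, 203.0.113.2 = remote peer; names and addresses are placeholders.

! --- Option 1: PIX 6.3 at HQ, filter decrypted tunnel traffic with the
! outside interface ACL. The crypto and NAT-exemption ACLs stay broad:
! they only select what gets encrypted, not what is allowed through.
access-list ACL_CRYPTO permit ip 10.1.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list ACL_NONAT permit ip 10.1.0.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list ACL_NONAT

! Weak setting: decrypted IPsec traffic bypasses the interface ACLs
! entirely, so ACL_OUTSIDE below would never see it:
!   sysopt connection permit-ipsec
! Corrected: remove the bypass so decrypted packets are checked
! against the inbound ACL of the outside interface.
no sysopt connection permit-ipsec

! Only the remote file server may reach the HQ mail host on SMTP, and
! the remote site may ping HQ; everything else arriving through the
! tunnel is dropped and logged.
access-list ACL_OUTSIDE permit tcp host 192.168.50.10 host 10.1.0.25 eq smtp
access-list ACL_OUTSIDE permit icmp 192.168.50.0 255.255.255.0 10.1.0.0 255.255.255.0 echo
access-list ACL_OUTSIDE deny ip 192.168.50.0 255.255.255.0 10.1.0.0 255.255.255.0 log
access-group ACL_OUTSIDE in interface outside
! Check after the change: if IKE/ESP from the peer to the outside
! interface stops being accepted on your version, also permit udp 500
! and esp from 203.0.113.2 to the outside interface address here.

! --- Option 2: ASA/PIX 7.x, vpn-filter on the L2L group policy.
! The vpn-filter ACL is written from the remote peer's side:
! source = remote network, destination = local network. The ASA checks
! it on decrypted inbound traffic and applies the same ACEs with source
! and destination swapped to outbound traffic, so each ACE describes one
! flow in both directions. sysopt may stay enabled with this option.
access-list VPN_FILTER_SITE extended permit tcp host 192.168.50.10 host 10.1.0.25 eq smtp
access-list VPN_FILTER_SITE extended permit icmp 192.168.50.0 255.255.255.0 10.1.0.0 255.255.255.0 echo
group-policy GP_SITE internal
group-policy GP_SITE attributes
 vpn-filter value VPN_FILTER_SITE
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 general-attributes
 default-group-policy GP_SITE
```

On newer ASA releases the sysopt keyword is permit-vpn rather than permit-ipsec; `show running-config sysopt` shows which one is in effect.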

rdubo Wed, 06/13/2007 - 04:56

I use version 6.3.5 on the HQ PIX and an ASA 5510 with 7.2.2 on the remote site.

