IPsec VPN - limit access

Unanswered Question
Aug 3rd, 2007

We need to deploy IPsec between two sites A and B (A is a PIX 7.0, B is an 800 series router on 12.4).

But we need to limit access in the following way:

from A to B: a few PCs remote desktop to one PC

from B to A: one PC to one server on one port...

I know that the ACL defining interesting traffic should be mirrored, but the traffic we need is not symmetric... Is it possible to restrict access only to the traffic I specified?

srue Fri, 08/03/2007 - 04:57

Mirror your ACLs as you normally would. Then define regular interface ACLs at either end to control/allow only the traffic you want in/out.

On the PIX, if you have 'sysopt connection permit-vpn' enabled, though, all VPN traffic will bypass interface ACL checking, so be careful if that command is enabled.
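Worked example of the approach in this answer, added here and not taken from the original thread or from Cisco documentation: the crypto ACL is kept symmetric (whole subnet to whole subnet) on both boxes, and the asymmetric policy is enforced by ordinary interface ACLs. All addresses, ACL names, the site-B WAN interface (Dialer0), the RDP port 3389 and the server port 1433 are assumptions; replace them with your own. Site A LAN is 10.1.1.0/24 behind the PIX (outside 192.0.2.1), site B LAN is 10.2.2.0/24 behind the router (outside 198.51.100.1).

```cisco
!===== Site A: PIX 7.0 (assumed addressing, example config) =====
! Crypto ACL: deliberately broad and an exact mirror of the router's.
access-list CRYPTO_AB extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! NAT exemption for the tunnelled subnets (same definition as the crypto ACL).
nat (inside) 0 access-list CRYPTO_AB

crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto map CM 10 match address CRYPTO_AB
crypto map CM 10 set peer 198.51.100.1
crypto map CM 10 set transform-set TS
crypto map CM interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <psk>

! WEAK (PIX 7.0 default): with this on, decrypted VPN traffic skips the
! outside ACL, so OUTSIDE_IN below would never see site B's packets.
!   sysopt connection permit-vpn
! CORRECTED: force decrypted traffic through the outside interface ACL.
no sysopt connection permit-vpn

! B -> A: only one PC to one server on one port. The PIX is stateful, so
! replies to A-initiated RDP sessions are matched by the connection table
! and need no rule here. Add whatever other Internet-facing rules you need.
access-list OUTSIDE_IN extended permit tcp host 10.2.2.60 host 10.1.1.100 eq 1433
access-list OUTSIDE_IN extended deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-group OUTSIDE_IN in interface outside

! A -> B: only a few PCs may open RDP to one PC at site B; everything else
! towards 10.2.2.0/24 is dropped before it reaches the crypto map.
access-list INSIDE_IN extended permit tcp host 10.1.1.11 host 10.2.2.50 eq 3389
access-list INSIDE_IN extended permit tcp host 10.1.1.12 host 10.2.2.50 eq 3389
access-list INSIDE_IN extended deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.1.1.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

!===== Site B: Cisco 800 series, IOS 12.4 (assumed addressing, example config) =====
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key <psk> address 192.0.2.1
crypto ipsec transform-set TS esp-aes esp-sha-hmac

! Crypto ACL: exact mirror of the PIX's CRYPTO_AB (wildcard mask on IOS).
ip access-list extended CRYPTO_BA
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

crypto map CM 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address CRYPTO_BA

! Inbound ACL on the WAN interface. On a crypto-mapped IOS interface the
! inbound ACL is evaluated against the ESP packet and again against the
! decrypted packet, so it must permit IKE/ESP from the peer AND the
! cleartext flows. IOS ACLs are not stateful: replies from the site-A
! server to the site-B PC must be allowed explicitly ('established').
ip access-list extended OUTSIDE_IN
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 permit esp host 192.0.2.1 host 198.51.100.1
 permit tcp host 10.1.1.11 host 10.2.2.50 eq 3389
 permit tcp host 10.1.1.12 host 10.2.2.50 eq 3389
 permit tcp host 10.1.1.100 eq 1433 host 10.2.2.60 established
 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 ! ... other rules for normal Internet traffic on this interface ...

interface Dialer0
 ip access-group OUTSIDE_IN in
 crypto map CM
```

The crypto ACLs stay symmetric, so phase 2 negotiates a single subnet-to-subnet SA and nothing about the asymmetric policy leaks into the proxy IDs. Verify the PIX side with `show running-config sysopt` (the `no sysopt connection permit-vpn` line must be present) and `show access-list OUTSIDE_IN` hit counts; on the router, `show access-lists OUTSIDE_IN` should show hits on the isakmp/esp lines as well as on the cleartext lines once traffic flows.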
