IPsec VPN - limit access

Aug 3rd, 2007

We need to deploy IPsec between two sites A and B (A is a PIX 7.0, B is an 800 series router running 12.4).

But we need to limit access in the following way:

from A to B: a few PCs remote desktop to one PC

from B to A: one PC to one server on one port...

I know that the ACL defining interesting traffic should be mirrored, but the traffic we need is not symmetric... Is it possible to restrict access to only the traffic I specified?

srue Fri, 08/03/2007 - 04:57

Mirror your ACLs as you normally would. Then define regular interface ACLs at either end to control/allow only the traffic you want in/out.

On the PIX, if you have 'sysopt connection permit-vpn' enabled though, all VPN traffic will bypass interface ACL checking, so be careful if that command is enabled.
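A concrete layout of this approach, added here as an illustration and not part of srue's answer or of any Cisco documentation: the crypto ACLs on both devices are exact mirrors (whole LAN to whole LAN), and the asymmetric policy from the question is enforced with an inbound ACL on each outside interface, so each site filters what it receives through the tunnel. All addresses, object names, the host addresses and the server port 1433 are constructed for the example; the ISAKMP policy, pre-shared key and tunnel-group lines are omitted.

```cisco
! ===== Site A: PIX 7.0 (inside 10.1.1.0/24, outside 203.0.113.1) =====
! Constructed example values; phase-1 (isakmp policy, tunnel-group, PSK) omitted.
!
! Crypto ACL: whole LAN to whole LAN, an exact mirror of the router's crypto ACL.
access-list VPN-A-TO-B extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-A-TO-B
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
!
! Without this line, decrypted VPN traffic skips the outside interface ACL
! entirely (the caveat in the answer above).
no sysopt connection permit-vpn
!
! B -> A: only PC 10.2.2.50 may reach server 10.1.1.10 on the assumed port 1433.
! The PIX is stateful, so replies to A -> B RDP sessions are matched by the
! connection table and need no entry here.
access-list OUTSIDE_IN extended permit tcp host 10.2.2.50 host 10.1.1.10 eq 1433
access-list OUTSIDE_IN extended deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 log
! (IKE and ESP addressed to the PIX itself are not subject to access-group ACLs.)
access-group OUTSIDE_IN in interface outside

! ===== Site B: 800 series router, IOS 12.4 (LAN 10.2.2.0/24, outside 203.0.113.2) =====
! Constructed example values; isakmp policy and pre-shared key omitted.
!
! Crypto ACL: the mirror image of VPN-A-TO-B (IOS uses wildcard masks).
ip access-list extended VPN-B-TO-A
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set ESP-AES-SHA
 match address VPN-B-TO-A
!
! Inbound ACL on the WAN interface. IOS evaluates it for the arriving ESP
! packet and again for the decrypted packet, so it must permit both the
! tunnel itself and the cleartext flows you want to allow.
ip access-list extended OUTSIDE-IN
 remark -- the tunnel itself (IKE and ESP from the PIX)
 permit udp host 203.0.113.1 host 203.0.113.2 eq isakmp
 permit esp host 203.0.113.1 host 203.0.113.2
 remark -- A -> B: a few PCs (assumed 10.1.1.21 and .22) RDP to one PC (10.2.2.20)
 permit tcp host 10.1.1.21 host 10.2.2.20 eq 3389
 permit tcp host 10.1.1.22 host 10.2.2.20 eq 3389
 remark -- replies to the one allowed B -> A flow (plain IOS ACLs are not stateful)
 permit tcp host 10.1.1.10 eq 1433 host 10.2.2.50 established
 remark -- everything else from site A's LAN is dropped and logged
 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 log
 remark -- non-VPN Internet traffic falls to the implicit deny; add your own
 remark -- entries (or ip inspect) for it according to your Internet policy
!
interface FastEthernet4
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 crypto map OUTSIDE_MAP
```

With this split, the crypto ACLs stay symmetric so the SAs negotiate cleanly, and each direction is restricted by the receiving end: the PIX's OUTSIDE_IN ACL limits what site B can send to site A, and the router's OUTSIDE-IN ACL limits what site A can send to site B. If you also want to stop disallowed traffic from being encrypted in the first place, an inbound ACL on each LAN interface (inside on the PIX, Vlan1 on the router) with the same host/port entries does that; on the PIX remember that applying any ACL to the inside interface replaces the default permit from a higher to a lower security level, so end it with an explicit permit for the traffic that should still flow.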
