08-15-2007 08:04 PM - edited 03-09-2019 06:36 PM
PIX 501 v6.3(3) is configured as an Easy VPN client and authentication is done on
an ACS server.
A downloadable ACL is applied to this VPN h/w client after the VPN connection
is established (shown in blue colour in the sh access-list output).
However, there are 2 dynamic ACLs applied to the same connection which
override the downloadable ACL defined in the ACS server for this VPN
group.
Question: how do I get rid of the 2 dynamic ACLs shown below?
access-list dynacl128; 1 elements
access-list dynacl128 line 1 permit ip any host 218.189.206.74 (hitcnt=0)
access-list dynacl129; 1 elements
access-list dynacl129 line 1 permit ip any FBP_Staging 255.255.255.0 (hitcnt=1)
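Added example, not part of the original post: a small Python parser for the `show access-list` output format quoted above. It separates the PIX-generated per-session ACLs (named `dynacl<N>`) from named ACLs and flags any dynamic ACL whose permit entry has a non-zero hit count, which is exactly the symptom described: traffic passed by the auto-generated entry instead of being evaluated against the ACS downloadable ACL. The sample output is constructed to mirror the poster's excerpt; the downloadable ACL name `#ACSACL#-IP-vpngroup-acl` and its two entries are assumptions added so the parser has a non-dynamic ACL to contrast with.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample, shaped like the `show access-list` excerpt in the post.
# The "#ACSACL#-IP-vpngroup-acl" lines are an assumed downloadable ACL added
# for contrast; the dynacl lines mirror the ones the poster quoted.
SAMPLE_OUTPUT = """\
access-list #ACSACL#-IP-vpngroup-acl; 2 elements
access-list #ACSACL#-IP-vpngroup-acl line 1 permit tcp any host 10.1.1.10 eq www (hitcnt=0)
access-list #ACSACL#-IP-vpngroup-acl line 2 deny ip any any (hitcnt=0)
access-list dynacl128; 1 elements
access-list dynacl128 line 1 permit ip any host 218.189.206.74 (hitcnt=0)
access-list dynacl129; 1 elements
access-list dynacl129 line 1 permit ip any FBP_Staging 255.255.255.0 (hitcnt=1)
"""

HEADER_RE = re.compile(r"^access-list (?P<name>\S+); (?P<count>\d+) elements$")
ENTRY_RE = re.compile(
    r"^access-list (?P<name>\S+) line (?P<line>\d+) (?P<rule>.+?) \(hitcnt=(?P<hits>\d+)\)$"
)


@dataclass
class AclEntry:
    line: int
    rule: str
    hits: int


@dataclass
class Acl:
    name: str
    declared_elements: int
    entries: List[AclEntry] = field(default_factory=list)

    @property
    def is_dynamic(self) -> bool:
        # The PIX names the per-session ACLs it generates itself "dynacl<N>".
        return self.name.startswith("dynacl")


def parse_show_access_list(text: str) -> Dict[str, Acl]:
    """Parse `show access-list` text into ACL objects keyed by name."""
    acls: Dict[str, Acl] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            acls[m["name"]] = Acl(m["name"], int(m["count"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            # Tolerate a paste that omitted the "; N elements" header line.
            acl = acls.setdefault(m["name"], Acl(m["name"], 0))
            acl.entries.append(AclEntry(int(m["line"]), m["rule"], int(m["hits"])))
    return acls


def dynamic_acls_with_hits(acls: Dict[str, Acl]) -> List[str]:
    """Names of auto-generated ACLs whose permit entries have matched traffic.

    A hit on such an entry means the session's packets were passed by the
    dynamic ACL, i.e. the ACS downloadable ACL did not get to filter them.
    """
    return sorted(
        acl.name
        for acl in acls.values()
        if acl.is_dynamic
        and any(e.hits > 0 and e.rule.startswith("permit") for e in acl.entries)
    )


def element_count_mismatches(acls: Dict[str, Acl]) -> List[str]:
    """ACLs whose declared element count disagrees with the entries shown."""
    return sorted(a.name for a in acls.values() if a.declared_elements != len(a.entries))


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_OUTPUT)
    for acl in parsed.values():
        kind = "dynamic" if acl.is_dynamic else "named"
        print(f"{acl.name} ({kind}, {len(acl.entries)} entries)")
        for e in acl.entries:
            print(f"  line {e.line}: {e.rule}  hits={e.hits}")
    print("dynamic ACLs with permit hits:", dynamic_acls_with_hits(parsed))
```

Run it against the real `show access-list` output instead of `SAMPLE_OUTPUT` to confirm, after any configuration change, that the dynamic ACLs are gone or at least that their hit counters stay at zero while the downloadable ACL's counters increase.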
08-21-2007 12:46 PM
I think it is not possible to avoid automatically generated dynamic ACLs; you may have to use some other interface for this or configure the PIX with a proper VPN configuration for the client.
08-21-2007 06:41 PM
Thanks for your reply.
You suggest using another interface; can these other interfaces avoid generating dynamic ACLs? Which interfaces should be used? Please advise.