PIX515, v 7.2(2) - only allow specific TCP ports within IPSEC Site to Site

Unanswered Question
Sep 20th, 2007

I have created a site to site tunnel between two organizations. Org A wants to limit Org B to specific TCP ports on the destination hosts. Can this be done on the Org A PIX? I believe I could limit it by changing the cryptomap ACL on the Org B PIX, but then Org A does not control the access in.

Any suggestions appreciated.

Thanks

rajbhatt Thu, 09/20/2007 - 03:11

Hi,

In the Org A crypto map you could specify the source and the destination ports that you would allow for access from Org B in the crypto ACL.

For example:

access-list ACL extended permit tcp host 10.19.61.15 eq 8888 host 192.16.157.123

(this will allow inbound access from Org B to Org A on port 8888 only)

access-list ACL extended permit tcp host 10.19.61.15 host 192.16.67.122 eq 80

(outbound access to Org B only on port 80)

Raj
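To show how the port-restricted crypto ACL above fits into a complete crypto map, here is an added configuration example (not from the original post or from Raj). It keeps the hosts and ports from the answer; the peer addresses, ACL, transform-set and crypto map names are assumed placeholders. The important caveat it illustrates is that the crypto ACL on the Org B PIX has to be the exact mirror image of the Org A one, otherwise phase 2 fails with a proxy-ID mismatch.

```cisco
! ===== Org A PIX (controls what Org B may reach) =====
! Crypto ACL is written from Org A's point of view: source = local, destination = remote.
! Org B may only reach local host 10.19.61.15 on TCP/8888; Org A may only reach 192.16.67.122 on TCP/80.
access-list VPN-TO-ORGB extended permit tcp host 10.19.61.15 eq 8888 host 192.16.157.123
access-list VPN-TO-ORGB extended permit tcp host 10.19.61.15 host 192.16.67.122 eq 80
! Any other traffic is simply not "interesting" and is never encrypted or decrypted.

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-TO-ORGB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2          ! assumed Org B outside address
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Note: with the default "sysopt connection permit-vpn", decrypted traffic bypasses the
! outside interface ACL, so on this box the crypto ACL is the control point for the tunnel.

! ===== Org B PIX (must mirror Org A, or phase 2 will not negotiate) =====
access-list VPN-TO-ORGA extended permit tcp host 192.16.157.123 host 10.19.61.15 eq 8888
access-list VPN-TO-ORGA extended permit tcp host 192.16.67.122 eq 80 host 10.19.61.15

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-TO-ORGA
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1         ! assumed Org A outside address
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
```

After the tunnel is up, "show crypto ipsec sa" on either side should list one SA per ACL entry with the port carried in the local/remote identity, which confirms the restriction is enforced by the SA itself and not only by an interface ACL.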
