PIX515, v 7.2(2) - only allow specific TCP ports within IPSEC Site to Site

kevburgess
Level 1

I have created a site to site tunnel between two organizations. Org A wants to limit Org B to specific TCP ports on the destination hosts. Can this be done on the Org A PIX? I believe I could limit it by changing the cryptomap ACL on the Org B PIX, but then Org A does not control the access in.

Any suggestions appreciated.

Thanks

1 Reply

rajbhatt
Level 3

Hi,

In the Org A crypto map you could specify the source and the destination ports that you would allow for access from Org B in the crypto ACL.

For example :

access-list ACL extended permit tcp host 10.19.61.15 eq 8888 host 192.16.157.123

(this will allow inbound access from Org B to Org A on port 8888 only)

access-list ACL extended permit tcp host 10.19.61.15 host 192.16.67.122 eq 80

(outbound access to Org B only on port 80)

Raj
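As an added example (not from either poster), here is the Org A side done with a vpn-filter bound to the tunnel's group policy instead of ports in the crypto ACL, which keeps the crypto ACL a plain address mirror of Org B's while Org A still decides what is allowed inside the tunnel. It assumes PIX 7.2 syntax and constructed addresses: Org A LAN 10.1.1.0/24, Org B LAN 10.2.2.0/24, Org B peer 203.0.113.2, and an ISAKMP policy already configured.

```cisco
! Org A PIX 7.2(2). Addresses and names below are constructed for this example.
!   Org A local LAN  10.1.1.0/24   (servers 10.1.1.50 and 10.1.1.60)
!   Org B remote LAN 10.2.2.0/24   Org B peer 203.0.113.2
!
! Crypto ACL: selects what gets encrypted, written local -> remote.
! Kept address-only so the proxy identities are a simple mirror of Org B's ACL.
access-list ORGB_CRYPTO extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!
! vpn-filter ACL: enforces what is allowed inside the tunnel. Interface ACLs are
! bypassed for VPN traffic while "sysopt connection permit-vpn" (the default) is
! on, so this filter is where Org A controls inbound access.
! A vpn-filter is always written from the REMOTE peer's point of view:
!   source = Org B address/port, destination = Org A address/port.
! Org B may reach only TCP/1433 on 10.1.1.50 and TCP/443 on 10.1.1.60.
access-list ORGB_VPN_FILTER extended permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.50 eq 1433
access-list ORGB_VPN_FILTER extended permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.60 eq 443
! The same ACL is checked for Org A -> Org B traffic with the addresses swapped,
! so a connection Org A initiates to Org B on TCP/80 needs its own line, still
! written remote side first with the port on the remote side:
access-list ORGB_VPN_FILTER extended permit tcp 10.2.2.0 255.255.255.0 eq 80 10.1.1.0 255.255.255.0
! Anything else inside the tunnel is dropped by the implicit deny.
!
! Bind the filter to the group policy used by the site-to-site tunnel group.
group-policy ORGB_GP internal
group-policy ORGB_GP attributes
 vpn-filter value ORGB_VPN_FILTER
!
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 general-attributes
 default-group-policy ORGB_GP
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-PSK>
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address ORGB_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
!
! Verification: per-line hit counts confirm the filter is being applied to flows,
! and the SA output shows the tunnel is still built on the address-only selectors.
! show access-list ORGB_VPN_FILTER
! show crypto ipsec sa peer 203.0.113.2
```

Traffic from Org B to any other host or port on the Org A LAN is dropped by the filter's implicit deny, and those drops are visible as non-incrementing hit counts and in the PIX syslog.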
