PPPOE Tunnel ACL between Pix515 and Router

Answered Question
Feb 9th, 2008

The corporate site has a Pix515 and the remote site has a router. I have a tunnel set up from a remote site to the corporate office. I am looking for information on ACLs to apply to the dialer interface to allow IPsec/ISAKMP and all traffic from the corporate office to the remote site. Do you allow the public address of the PIX to access the remote router with IPsec/ISAKMP traffic and the corporate private network address for POP3/SMTP and UDP?

Correct Answer by hadbou about 8 years 10 months ago

The PIX with the dynamic address will look something like the Tiger config and the other PIX will look something like the Lion config.

http://www.cisco.com/warp/public/110/38.html

keyyo0200 Fri, 02/15/2008 - 13:26

I have the PPPoE router to PIX up and running. I am looking for information on adding an ACL to the dialer interface on the router to prevent unwanted traffic from entering the router. I have no problem with the PIX configuration.

Correct Answer
iraban Tue, 02/19/2008 - 06:50

Yes, you have to add ACLs on the dialer interface on the router.

What you would do is, assuming subnet A is behind the router and subnet B is next to the PIX:

On A you would permit A's local subnet to A's remote, i.e. permit A to B, and on the PIX just the reverse. And no, you don't define the public IP in the interesting traffic.
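
The two ACLs discussed in this thread, side by side, as an added example that is not part of the thread or any poster's configuration: the crypto (interesting-traffic) ACL lists only private subnets, while the inbound ACL on the dialer is where the PIX public address appears. All addresses and the names `VPN-INTERESTING`, `DIALER-IN`, `VPN-MAP` and `Dialer1` are constructed assumptions, and the example assumes the remote site sends no traffic directly to the Internet.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   subnet A (behind the router)   192.168.10.0/24
!   subnet B (behind the PIX)      10.1.1.0/24
!   PIX outside (public) address   203.0.113.10
!
! Crypto ACL: interesting traffic, private subnets only (A to B).
! The PIX carries the mirror image (B to A). No public address here.
ip access-list extended VPN-INTERESTING
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! Interface ACL: what may enter the router from the Internet side.
! Destination is "any" because the PPPoE address may be dynamic.
ip access-list extended DIALER-IN
 remark IKE and ESP accepted only from the PIX public address
 permit udp host 203.0.113.10 any eq isakmp
 permit esp host 203.0.113.10 any
 remark NAT-T, needed only if a NAT device sits between the peers
 permit udp host 203.0.113.10 any eq non500-isakmp
 remark Decrypted B-to-A traffic, re-checked here on older IOS
 permit ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Dialer1
 ip access-group DIALER-IN in
 crypto map VPN-MAP
!
! Existing crypto map entry (peer, transform set and ISAKMP policy
! are already in place since the tunnel is up); only the ACL
! binding is shown.
crypto map VPN-MAP 10 ipsec-isakmp
 match address VPN-INTERESTING
```

After applying it, `show access-lists DIALER-IN` shows per-line hit counts, which confirms that tunnel traffic matches the permit lines and shows what the final deny is dropping.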
