We have two different vendor firewalls, with the first level being a Cisco firewall. The setup is:
ISP <--> (Router) <--> (Cisco Firewall) <--> (other vendor firewall) <--> Internal LAN
We need to give remote users (with VPN clients installed) access to some resources in the internal LAN.
My question is where I should configure my IPSec VPN, for best security practice, considering that my Router, Firewall-1 & Firewall-2 all support VPN features.
Also, I want to allow the remote users (who get assigned a local IP from the internal IP pool) to access specific resources (read: servers) & specific ports.
So can I implement an access-list after the VPN is terminated & the users get their local pool IPs?
Thanks & Regards
What is the version of code you are running on your PIX? If you are running a 6.x version of code, then you will not have the option to use the vpn-filter command for restricting access to certain IP addresses.
You ought to be running a 7.x version for that, where you can specify an ACL to restrict traffic.
Also, only some PIX firewalls can be upgraded to a 7.x version; please look into the link given below.
If you cannot upgrade the PIX to a 7.x version, then you might have to use another VPN device.
Hope this answers your questions. Rate this post if it helped.
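As an added illustration of the second part of the question (restricting the remote users to specific servers and ports after the tunnel is terminated), here is a PIX/ASA 7.x-style configuration fragment showing the vpn-filter approach the answer refers to. It is not from the original thread and not either poster's configuration; the pool, ACL, group-policy and tunnel-group names and all IP addresses are constructed placeholders.

```cisco
! Added example, not from the original thread. All names and addresses are constructed.

! Pool from which remote-access clients receive their "local" IP after the tunnel comes up.
ip local pool RA-POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0

! vpn-filter ACL. For remote-access clients it is written with the client-assigned
! address as the source and the internal server as the destination. Only the listed
! server/port pairs are permitted; the implicit deny at the end of the ACL drops
! everything else that arrives through the tunnel.
access-list RA-VPN-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.50.10 eq 443
access-list RA-VPN-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.50.20 eq 3389
access-list RA-VPN-FILTER extended permit udp 10.10.10.0 255.255.255.0 host 192.168.50.5 eq 53

! Attach the filter (and the pool) to the group-policy used by the remote-access
! tunnel group. The filter is applied to the decrypted traffic as it leaves the
! tunnel, i.e. after the user has been assigned a pool address.
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 vpn-filter value RA-VPN-FILTER
 address-pools value RA-POOL

tunnel-group RA-VPN type ipsec-ra
tunnel-group RA-VPN general-attributes
 default-group-policy RA-POLICY
```

Two points worth checking on a real box: with `sysopt connection permit-vpn` enabled (the default), decrypted VPN traffic bypasses the interface access-groups, so the vpn-filter is the control that actually restricts the clients, and the same ACL should not be reused as an interface access-group. After a client connects, `show access-list RA-VPN-FILTER` shows hit counts per entry, which is a quick way to confirm that the filter is being applied to that session.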