VPN Question

I am creating a VPN between a Juniper and a PIX 8.x.

I have successfully created the tunnel between the remote network (Juniper) and the local network (PIX) using the command sysopt connection permit-vpn, and hosts on both networks can ping each other.

Now I want to restrict access via the tunnel so that the remote host has access only to the local host.

Can this be achieved using the crypto ACLs? Or do I need to issue the no sysopt connection permit-vpn command and then set up an ACL on the PIX outside interface to only allow access onto the local network? Do I also need to configure the ACL to allow incoming IPsec traffic from the remote host peer?

Any help or examples would be appreciated.



Correct Answer by Jennifer Halim about 6 years 8 months ago

No, you do not have to disable the sysopt connection permit-vpn command.

This vpn-filter is applied to the tunnel-group for Juniper.

Jennifer Halim Tue, 04/06/2010 - 02:18

You can configure vpn-filter to only allow traffic from the remote host to the local host:

! vpn-filter ACL: source is the remote host, destination is the local host
access-list juniper-filter permit ip host host
! group policy that carries the filter
group-policy juniper-policy internal
group-policy juniper-policy attributes
 vpn-filter value juniper-filter
! attach the group policy to the Juniper LAN-to-LAN tunnel-group
tunnel-group general-attributes
 default-group-policy juniper-policy

Hope that helps.
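A fuller version of the configuration in the answer above, added here as an example; it is not taken from the original post. The host addresses, the Juniper peer address and the tunnel-group name are assumed values from the RFC 5737 documentation ranges, so substitute your own. It also shows the detail that catches most people with vpn-filter: the ACL is written from the remote side's point of view (source = remote, destination = local), and the PIX applies it to decrypted traffic in both directions, swapping source and destination for packets leaving the local network. A port restriction on the local host therefore goes in the destination position, and the same ACE stops the local host from opening anything to the remote host except from that port.

```text
! Added example, not from the original post. Assumed addresses (RFC 5737):
!   203.0.113.1    Juniper's public peer address (L2L tunnel-group name)
!   192.0.2.10     remote host behind the Juniper
!   198.51.100.20  local host behind the PIX

! 1. vpn-filter ACL, written remote -> local.
!    The direct equivalent of the answer above would be a single line:
!      access-list juniper-filter extended permit ip host 192.0.2.10 host 198.51.100.20
!    The two ACEs below tighten that to SSH plus ping. Note "eq 22" sits on
!    the destination (local) side; the PIX swaps src/dst when it evaluates
!    packets going local -> remote, so this also blocks the local host from
!    initiating anything to the remote host. Everything else is dropped by
!    the implicit deny, even if the crypto ACL covers a whole subnet.
access-list juniper-filter extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 22
access-list juniper-filter extended permit icmp host 192.0.2.10 host 198.51.100.20

! 2. Group policy carrying the filter.
group-policy juniper-policy internal
group-policy juniper-policy attributes
 vpn-filter value juniper-filter

! 3. Attach it to the LAN-to-LAN tunnel-group (name is the peer address).
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 general-attributes
 default-group-policy juniper-policy

! 4. Keep the default: decrypted VPN traffic bypasses the outside interface
!    ACL, and the vpn-filter above is what restricts it.
sysopt connection permit-vpn

! 5. Verify the filter is attached and see hit counts per ACE.
show running-config group-policy juniper-policy
show running-config tunnel-group 203.0.113.1
show access-list juniper-filter
```

Narrowing the crypto ACL to a host-to-host match would also restrict the tunnel, but the Juniper's proxy IDs would then have to be changed to mirror it or phase 2 fails; the vpn-filter is local to the PIX and leaves the working tunnel untouched, which is why the answer recommends it.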

