use of ACL with IPSEC to restrict some hosts

Sep 11th, 2003

I have the VPN set up between a PIX and a Netscreen and everything works.

I have no control over the Netscreen or its network. It has one host, and clients on the inside of the PIX have to telnet to the host.


I want to make sure that I protect my network from that machine. I know there has to be an access-list on the outside interface of my box... but for that I have to remove:

sysopt connection permit-ipsec

But I don't want to remove the above command as I will run into trouble with other tunnels running on the PIX.

So my question is:

I want users behind the PIX to be able to access a host behind the Netscreen but don't want that host to access my network behind the PIX... can I do that without removing sysopt?

Thanks in advance

Atul.

e-aguilar Thu, 09/11/2003 - 14:38

Nope! Removing the sysopt connection permit-ipsec command is your only option.

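What the approach in the answer looks like on the PIX, as an added example that is not from either poster: once `sysopt connection permit-ipsec` is removed, decrypted tunnel traffic is checked against the outside interface ACL, so the other tunnels need explicit permits. All addresses and the ACL name `outside_in` are constructed for illustration.

```text
: Constructed addresses (assumptions, not from the thread):
:   10.1.1.0/24    inside network behind the PIX
:   192.168.50.10  the single host behind the Netscreen
:   10.2.2.0/24    remote network of another, trusted tunnel

: Decrypted IPsec traffic no longer bypasses the interface ACLs
no sysopt connection permit-ipsec

: Other tunnels: permit only what each remote network is meant to reach
access-list outside_in permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0

: Host behind the Netscreen: no connections initiated toward the inside.
: The implicit deny at the end of the ACL would also drop this traffic;
: the explicit entry documents the intent and keeps it ahead of any
: broader permit added later.
access-list outside_in deny ip host 192.168.50.10 10.1.1.0 255.255.255.0

: Apply the ACL inbound on the outside interface
access-group outside_in in interface outside
```

Telnet sessions opened from the inside toward 192.168.50.10 keep working, because return traffic for connections the PIX already tracks is allowed without an ACL entry. If an ACL is already applied inbound on the outside interface, add these entries to it rather than binding a second one.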