I have the vpn set up between a pix and netscreen and everything works.
I have no control over the netscreen or its network. It has one host and clients on the inside of the pix have to telnet to the host.
I want to make sure that I protect my network from that machine. I know there has to be an access-list on the outside interface of my box...buty for that I have to remove:
sysopt connection permit-ipsec
But I dont want to remove the above command as I will run into trouble with other tunnels running on the PIX.
So my question is:
I want users behind PIX to be able to access a host behind netscreen but dont want that host to access my network behind PIX.... can I do that without removing sysopt.
Thanks in advance