Patrick Laidlaw Mon, 04/24/2006 - 23:47
User Badges:
  • Gold, 750 points or more


Two ways to do this: one is an outgoing access-list on your inside interface; the other is to set your VPN match access-list to allow only TCP port 80. So on your "ab" ACL add eq 80, and only traffic destined to port 80 will be allowed down that tunnel.

access-list ab extended permit tcp <local-net> <mask> <remote-net> <mask> eq 80


Please rate any posts that are helpful.

Fernando_Meza Tue, 04/25/2006 - 00:24
User Badges:
  • Gold, 750 points or more

You can control this by modifying the access list being used for the interesting traffic (traffic that will be encrypted). You need to make sure the change is performed on both PIXes.


access-list VPN-L2L-Access remark masks below assume /24 networks; adjust to your addressing
access-list VPN-L2L-Access permit tcp x.x.x.0 255.255.255.0 y.y.y.0 255.255.255.0 eq 80

access-list VPN-L2L-Access permit tcp y.y.y.0 255.255.255.0 x.x.x.0 255.255.255.0 eq 80

Also, this traffic has to be exempted from NAT and allowed on any access-list you might have applied to the respective internal interfaces.
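The following is an added example (not posted by either Patrick or Fernando) that puts both answers together for a PIX 7.x pair: the crypto ACL restricted to HTTP, the NAT exemption, and an inside-interface ACL as the second layer Patrick mentioned. The networks 10.1.1.0/24 (behind PIX-A) and 10.2.2.0/24 (behind PIX-B), the peer addresses 203.0.113.1 and 203.0.113.2, the ACL and crypto-map names, and the transform-set name ESP-3DES-SHA are all assumed; the ISAKMP policy, transform set and tunnel-group are taken as already configured and are omitted. Note that on PIX-B the eq 80 sits on the source side: the crypto ACLs must be exact mirror images, and the traffic PIX-B sees as interesting is the web server's replies from port 80 back to PIX-A's hosts.

```text
! ---- PIX-A: clients on 10.1.1.0/24 reach web servers on 10.2.2.0/24 (assumed) ----
! Crypto ACL: only HTTP from A's network to B's network is interesting traffic
access-list VPN-L2L-Access extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq 80

! NAT exemption for the same address pair. It is matched on addresses, so the
! port restriction is enforced by the crypto ACL and the inside ACL, not here.
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Inside-interface ACL: allow HTTP to B's network, drop everything else to it so
! non-HTTP traffic that is NAT-exempt cannot leave the outside interface in clear,
! then keep normal Internet access.
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq 80
access-list INSIDE_IN extended deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.1.1.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

crypto map outside_map 10 match address VPN-L2L-Access
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside

! ---- PIX-B: the mirror image of PIX-A ----
! Source/destination are swapped and eq 80 moves to the source side
access-list VPN-L2L-Access extended permit tcp 10.2.2.0 255.255.255.0 eq 80 10.1.1.0 255.255.255.0

access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! B's hosts never initiate toward A's network; replies to A's HTTP connections are
! permitted by the connection table, not by this ACL.
access-list INSIDE_IN extended deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.2.2.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

crypto map outside_map 10 match address VPN-L2L-Access
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
```

After applying the change on both sides, clear the existing SAs (clear crypto ipsec sa) so the tunnel is renegotiated with the new proxy identities; with mismatched crypto ACLs the phase 2 negotiation fails and shows up in the debug as a proxy identity mismatch, which is the first thing to check if the tunnel stops coming up.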

