04-24-2006 11:04 PM
I am using 7.0 on a PIX 525. I have the IPsec tunnel up and running. I would like to restrict the tunnel traffic to port 80 only.
04-24-2006 11:47 PM
Hello,
Two ways to do this: one is an outgoing access-list on your inside interface, the other is to set your VPN match access-list to just allow TCP port 80. So on your "ab" ACL add eq 80, and only traffic destined to port 80 will be allowed down that tunnel.
access-list ab extended permit tcp 10.192.0.0 255.255.0.0 10.100.24.0 255.255.248.0 eq 80
Patrick
Please rate any posts that are helpful.
04-25-2006 12:24 AM
You can control it by modifying the access list used for the interesting traffic (the traffic that will be encrypted). You need to make sure the change is performed on both PIXes.
PIX1.
access-list VPN-L2L-Access permit tcp x.x.x.0 255.255.255.0 y.y.y.0 255.255.255.0 eq 80
PIX2
access-list VPN-L2L-Access permit tcp y.y.y.0 255.255.255.0 x.x.x.0 255.255.255.0 eq 80
Also, this traffic has to be exempted from NAT and allowed on any access-list you might have applied to the respective internal interfaces.
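As an added example, not taken from any of the posts above, here is the full set of PIX 7.0 commands the two answers describe, using the subnets from the "ab" ACL. It assumes the 10.192.0.0/16 side (PIX1) holds the browsers and the 10.100.24.0/21 side (PIX2) holds the web servers; the peer addresses 203.0.113.1/203.0.113.2, the map name OUTSIDE_MAP, the transform-set ESP-3DES-SHA and the pre-shared key are placeholders.

```cisco
! ===== PIX1 (inside network 10.192.0.0/16, clients) =====
! Crypto ACL: only TCP to port 80 is "interesting" traffic for the tunnel.
! Anything else between the two subnets is not encrypted by this map.
access-list VPN-L2L-Access extended permit tcp 10.192.0.0 255.255.0.0 10.100.24.0 255.255.248.0 eq www
!
! NAT exemption must cover the same flows; a translated source address
! would never match the crypto ACL.
access-list NONAT extended permit ip 10.192.0.0 255.255.0.0 10.100.24.0 255.255.248.0
nat (inside) 0 access-list NONAT
!
! Placeholder phase-2 policy and map (names and peer are assumptions).
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-L2L-Access
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key REPLACE_ME
!
! ===== PIX2 (inside network 10.100.24.0/21, web servers) =====
! Exact mirror of PIX1's crypto ACL. Because the server is local on
! this box, "eq www" moves to the SOURCE side of the entry; putting it
! on the destination would describe the opposite direction and the
! phase-2 proxy identities would not match.
access-list VPN-L2L-Access extended permit tcp 10.100.24.0 255.255.248.0 eq www 10.192.0.0 255.255.0.0
access-list NONAT extended permit ip 10.100.24.0 255.255.248.0 10.192.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-L2L-Access
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key REPLACE_ME
```

Two things to check after applying this. First, clear the existing SA (`clear crypto ipsec sa`) and generate HTTP traffic, then `show crypto ipsec sa`: the local and remote ident lines show the protocol and port that were negotiated, and if port 80 does not appear there the old, broader SA (or a mismatched mirror ACL) is still in use. Second, if `sysopt connection permit-ipsec` has been disabled, the decrypted traffic is also subject to the outside interface ACL and must be permitted there too, in addition to the inside-interface ACL the post mentions.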