Restrict VPN traffic to allow only port 80

tajm
Level 1

I am using 7.0 on a PIX 525. I have the IPsec tunnel up and running. I would like to restrict the tunnel traffic to port 80 only.

2 Replies

Patrick Laidlaw
Level 4

Hello,

There are two ways to do this: one is an outgoing access-list on your inside interface, the other is to set your VPN match access-list to allow only TCP port 80. So on your "ab" ACL add eq 80, and only traffic destined to port 80 will be allowed down that tunnel.

access-list ab extended permit tcp 10.192.0.0 255.255.0.0 10.100.24.0 255.255.248.0 eq 80

Patrick

Please rate any posts that are helpful.

Fernando_Meza
Level 7

You can control this by modifying the access list being used for the interesting traffic (the traffic that will be encrypted). You need to make sure the change is performed on both PIXes.

PIX1

access-list VPN-L2L-Access permit tcp x.x.x.0 255.255.255.0 y.y.y.0 255.255.255.0 eq 80

PIX2

access-list VPN-L2L-Access permit tcp y.y.y.0 255.255.255.0 x.x.x.0 255.255.255.0 eq 80

Also, this traffic has to be exempted from NAT and allowed on any access-list you might have applied to the respective internal interfaces.
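To tie the two replies together, here is a complete PIX 7.0 configuration for both ends that applies everything mentioned in this thread: a crypto (interesting-traffic) ACL restricted to TCP/80, the mirrored ACL on the far side, the NAT exemption, and the optional outbound ACL on the inside interface. This is an added example written for this page, not configuration posted by either responder, and all addresses (192.168.10.0/24 and 192.168.20.0/24 for the two LANs, 203.0.113.1 and 198.51.100.1 for the peers), the ACL names, the pre-shared key placeholder and the cipher choices are constructed for illustration. Note that the PIX2 entry places the `eq 80` operator on the source side: the two crypto ACLs must be exact mirrors of each other, ports included, or the phase 2 proxy identities will not match and the SA will not come up.

```cisco
! ===== PIX1 : inside 192.168.10.0/24, outside 203.0.113.1, peer 198.51.100.1 =====
! (constructed example addresses, not from the thread)
!
! 1. Interesting traffic: only TCP/80 from the local LAN to the remote LAN is encrypted.
access-list VPN-L2L-Access extended permit tcp 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 eq 80
!
! 2. NAT exemption for the same network pair. This ACL is protocol "ip" on purpose:
!    NAT is decided per host pair, the port restriction lives in the crypto ACL.
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! 3. Optional second control point (Patrick's first method): an inbound ACL on the
!    inside interface that drops anything other than TCP/80 heading for the remote LAN
!    before it reaches the crypto map, while leaving ordinary Internet traffic alone.
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 eq 80
access-list INSIDE_IN extended deny ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! 4. ISAKMP (phase 1) and IPsec (phase 2). The crypto map references the TCP/80 ACL.
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-L2L-Access
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key REPLACE-WITH-SHARED-SECRET
!
! Decrypted traffic bypasses the outside interface ACL when this is set (it is the
! default on 7.0; shown explicitly so the dependency is visible).
sysopt connection permit-ipsec

! ===== PIX2 : inside 192.168.20.0/24, outside 198.51.100.1, peer 203.0.113.1 =====
!
! 1. Exact mirror of PIX1's crypto ACL: source and destination swapped AND the port
!    operator moved to the source side, so the proxy IDs negotiated in phase 2 agree.
access-list VPN-L2L-Access extended permit tcp 192.168.20.0 255.255.255.0 eq 80 192.168.10.0 255.255.255.0
!
! 2. NAT exemption, mirrored.
access-list NONAT extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! 3. No extra inside ACL is needed here: connections are initiated from PIX1's LAN,
!    and the PIX is stateful, so the web server's replies ride the existing connection.
!
! 4. Phase 1 / phase 2, peer addresses reversed.
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-L2L-Access
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key REPLACE-WITH-SHARED-SECRET
sysopt connection permit-ipsec
```

After applying the change, clear the existing SAs (`clear crypto ipsec sa`) so the tunnel renegotiates with the new port-specific proxy identities, then confirm with `show crypto ipsec sa` that the local and remote identities show port 80 on the expected side; a non-web connection attempt across the tunnel should now be dropped (by the inside ACL on PIX1, or for lack of a matching crypto ACL entry) rather than silently sent in the clear.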
