I have a VPN that I need to set up with a remote office. The purpose of this VPN is to be able to support the servers and PCs at the remote office, so the main office needs access to the whole IP range (i.e. 192.168.0.0 255.255.255.0). Now while I want to be able to have full access from the main office to the remote office, I don't want the remote office to be able to access any of the machines at the main office.
My question is then, can I restrict the VPN traffic to only one way? If I have an outside_cryptomap_# access-list set up to allow the traffic over the VPN, can I then restrict it further by adding a deny in my outside_access_in access-list, or does it just skip those altogether?
The devices that will be terminating the VPN will be PIX 515s software version 7.1(1). I need to be able to restrict with commands on the main office PIX because the remote office PIX is accessible by other technicians.
The only way I have heard of ACL'ing VPN traffic on the same box as the VPN end point is to use a loopback interface and PBR. I've never done it though. A firewall of course could take care of it for you. Hopefully if there is a better way someone will post it.