Cisco Support Community
New Member

PIX515, v 7.2(2) - only allow specific TCP ports within IPSEC Site to Site

I have created a site to site tunnel between two organizations. Org A wants to limit Org B to specific TCP ports on the destination hosts. Can this be done on the Org A PIX? I believe I could limit it by changing the cryptomap ACL on the Org B PIX, but then Org A does not control the access in.

Any suggestions appreciated.

Thanks

1 REPLY
New Member

Re: PIX515, v 7.2(2) - only allow specific TCP ports within IPSE

Hi,

In the Org A crypto map you could specify the source and destination ports that you would allow for access from Org B in the crypto ACL.

For example:

access-list ACL extended permit tcp host 10.19.61.15 eq 8888 host 192.16.157.123

(this will allow inbound access from Org B to Org A on port 8888 only)

access-list ACL extended permit tcp host 10.19.61.15 host 192.16.67.122 eq 80

(outbound access to Org B only on port 80)

Raj
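
Another way to enforce the port restriction on the Org A PIX itself, as an added example that is not part of the original thread: a `vpn-filter` ACL attached to the group policy of the site-to-site tunnel, so the crypto ACL can stay a plain IP match that mirrors the peer. The names ORGB-FILTER and ORGB-POLICY and the peer address placeholder are assumptions; the host addresses and port are the ones used in the reply above.

```cisco
! Added example for the Org A PIX (7.x). Names and the peer placeholder are hypothetical.
! A vpn-filter ACL is written with the REMOTE side (Org B) as the source and the
! LOCAL side (Org A) as the destination, whichever end opens the connection.

! Org B host 192.16.157.123 may reach Org A host 10.19.61.15 on TCP 8888 only.
access-list ORGB-FILTER extended permit tcp host 192.16.157.123 host 10.19.61.15 eq 8888
! Explicit deny so that hit counts for blocked traffic show up in "show access-list".
access-list ORGB-FILTER extended deny ip any any

! Bind the filter to a group policy used only by this tunnel.
group-policy ORGB-POLICY internal
group-policy ORGB-POLICY attributes
 vpn-filter value ORGB-FILTER

! For a LAN-to-LAN tunnel the tunnel-group name is the peer address.
! <ORG-B-PEER-IP> is a placeholder for Org B's public peer address.
tunnel-group <ORG-B-PEER-IP> general-attributes
 default-group-policy ORGB-POLICY
```

The filter is picked up when the tunnel is negotiated, so an already established tunnel has to be re-established before it takes effect; `show access-list ORGB-FILTER` then shows which entries are being hit.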
