I want to run my dial-in VPN clients through the rulebase, as all the other traffic does. I can do this by removing 'sysopt connection permit-ipsec' and letting them access resources via outside_access_in. However, if I do this, do I also need to add a rule to allow the IPSec tunnel to terminate on the Outside interface as well?
Nope. ACLs on the PIX only effect (affect, I can never remember which one) transit traffic, that is, traffic going through the PIX. Packets destined *to* the PIX are not processed by the ACL. Since the IPSec tunnel is terminated on the PIX, you do not need to add an ACL statement to allow this traffic in. If you do remove the sysopt connection permit-ipsec, you will need to create ACLs that allow the traffic into your network that you want from the VPN clients. The source addresses you will use for these ACLs are going to be from the range you assigned to the VPN pool. Good luck.
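As an added illustration (not posted by the questioner or the replier), a minimal PIX 6.x configuration fragment that follows the answer: the sysopt is removed, and outside_access_in permits only the VPN pool range to reach one internal web server. The pool range (192.168.100.0/24), the server address (10.1.1.10) and the interface name `outside` are constructed assumptions; `!` lines are annotation only.

```text
! Address pool handed to dial-in VPN clients; its addresses are the
! sources the outside ACL will see once packets are decrypted.
ip local pool VPNPOOL 192.168.100.1-192.168.100.254

! Stop IPsec-decrypted traffic from bypassing the outside interface ACL.
no sysopt connection permit-ipsec

! Decrypted client traffic is now transit traffic and is matched here.
! Allow only what the VPN users actually need (HTTPS to one server).
access-list outside_access_in remark VPN clients -> internal web server
access-list outside_access_in permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.10 eq 443

! Note: no "permit udp any host <outside-ip> eq isakmp" or "permit esp"
! lines are needed. IKE and ESP are addressed *to* the PIX itself and are
! handled by the tunnel termination, not by the transit ACL.

access-group outside_access_in in interface outside
```

Traffic from the pool to anything not listed (for example other internal hosts) is denied by the ACL's implicit deny, which is exactly the behaviour the original sysopt was hiding.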