Cisco Support Community

Access-list for IPSEC tunnel on PIX

Hi,

I would like to know if it is possible to filter access for remote networks to access my network on a L2L IPSEC Tunnel.

Actually, I always configure my VPN that way:

access-list ACL_CRYPTO permit ip inside_network remote_network

access-list ACL_NONAT permit ip inside_network remote_network

access-list ACL_INSIDE permit ip inside_network remote_network

and the mirror on the remote site...

I can filter the remote networks on the remote PIX with the ACL_INSIDE, but if I want to filter the remote network on my central PIX... what can I do?

Thanks

Romain

2 REPLIES

Re: Access-list for IPSEC tunnel on PIX

Remove sysopt conn permit-ipsec and write access in your interface ACLs. I don't know what version you're running, but another option is vpn-filter under the tunnel group policy.


Re: Access-list for IPSEC tunnel on PIX

I use version 6.3.5 on the HQ PIX and an ASA 5510 with 7.2.2 on the remote site.
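As an added worked example (not configuration from the thread or from Cisco), this shows both options from the first reply applied to the poster's platforms: on the HQ PIX 6.3.5 the sysopt is removed so decrypted tunnel traffic is checked by the outside interface ACL, and on the remote ASA 7.2.2 a vpn-filter is attached to the group policy instead (vpn-filter only exists from 7.0 onward, so it is not an option on the 6.3.5 HQ box). All addresses, ACL names and the group-policy name (10.1.0.0/24 HQ inside, 192.168.50.0/24 remote inside, 198.51.100.1 HQ peer, 203.0.113.1 remote peer, ACL_OUTSIDE, VPN_FILTER_HQ, GP_L2L) are assumed placeholders.

```cisco
! ===== HQ PIX 6.3.5: restrict the remote site with the outside interface ACL =====
! Crypto and NAT-exemption ACLs stay broad: they only select what gets encrypted,
! they do not decide what the remote site may reach.
access-list ACL_CRYPTO permit ip 10.1.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list ACL_NONAT permit ip 10.1.0.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list ACL_NONAT
!
! Stop decrypted IPsec traffic from bypassing the interface ACL.
no sysopt connection permit-ipsec
!
! The outside ACL now sees the decrypted packets, so list only what the remote
! site legitimately needs. IKE/ESP to the PIX's own outside address are permitted
! explicitly so the tunnel keeps negotiating (harmless if the platform already
! exempts to-the-box traffic).
access-list ACL_OUTSIDE permit udp host 203.0.113.1 host 198.51.100.1 eq 500
access-list ACL_OUTSIDE permit esp host 203.0.113.1 host 198.51.100.1
access-list ACL_OUTSIDE permit tcp 192.168.50.0 255.255.255.0 host 10.1.0.10 eq 443
access-list ACL_OUTSIDE permit tcp 192.168.50.0 255.255.255.0 host 10.1.0.20 eq 25
! Log anything else the remote site tries against the HQ LAN, then drop it.
access-list ACL_OUTSIDE deny ip 192.168.50.0 255.255.255.0 10.1.0.0 255.255.255.0 log
access-group ACL_OUTSIDE in interface outside
!
! ===== Remote ASA 5510 7.2.2: vpn-filter on the tunnel's group policy =====
! A vpn-filter ACL is written from the tunnel peer's side: source = the network
! on the far end of the tunnel (HQ), destination = this site's local network.
! Return traffic for a permitted flow is allowed implicitly.
access-list VPN_FILTER_HQ extended permit tcp 10.1.0.0 255.255.255.0 host 192.168.50.5 eq 3389
access-list VPN_FILTER_HQ extended deny ip any any
group-policy GP_L2L internal
group-policy GP_L2L attributes
 vpn-filter value VPN_FILTER_HQ
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 general-attributes
 default-group-policy GP_L2L
```

With the HQ configuration, a remote host probing anything other than 10.1.0.10:443 or 10.1.0.20:25 shows up as an ACL_OUTSIDE deny in the PIX syslog, which is the check to run after the change.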
