
Blocking Traffic coming over a VPN Tunnel

dcearlock
Level 1

I have a VPN tunnel setup in my lab between a PIX525 and a VPN Concentrator. I can't figure out how to deny inbound traffic on the PIX side coming across the tunnel. I have "crypto map partner-map 12 match address acl_hit1" in the config but I think that only defines interesting traffic. I have been searching around and can't seem to find the answer. Any help would be greatly appreciated.

3 Replies

globalnettech
Level 5

Hello,

Can you post the configuration of your PIX as it is right now?

The 'crypto map' command indeed only defines the traffic that should be encrypted and flow through the tunnel. If you define your access list 'acl_hit1' to deny all traffic, that would effectively block all traffic, but I guess that is now what you are looking for...

Regards,

GNT

You can explicitly allow the traffic to come over the IPsec tunnel by making the changes in the Access-list.

I have attached a "cleaned" config for you to look at. I need to allow FTP to the concentrator side but deny it coming from the concentrator side. I also need to specifically deny all unnecessary traffic.