04-11-2006 11:47 AM - edited 02-21-2020 02:21 PM
I have a VPN tunnel set up in my lab between a PIX525 and a VPN Concentrator.
I can't figure out how to deny inbound traffic on the PIX side coming across
the tunnel. I have "crypto map partner-map 12 match address acl_hit1" in the
config but I think that only defines interesting traffic. I have been
searching around and can't seem to find the answer. Any help would be
greatly appreciated.
04-12-2006 11:13 PM
Hello,
Can you post the configuration of your PIX as it is right now?
The 'crypto map' command indeed only defines the traffic that should be encrypted and flow through the tunnel. If you define your access list 'acl_hit1' to deny all traffic, that would effectively block all traffic, but I guess that is not what you are looking for...
Regards,
GNT
04-12-2006 11:40 PM
You can explicitly allow the traffic to come over the IPsec tunnel by making the changes in the Access-list.
04-13-2006 06:23 AM