Cisco Support Community

Blocking Traffic coming over a VPN Tunnel

I have a VPN tunnel set up in my lab between a PIX525 and a VPN Concentrator. I can't figure out how to deny inbound traffic on the PIX side coming across the tunnel. I have "crypto map partner-map 12 match address acl_hit1" in the config but I think that only defines interesting traffic. I have been searching around and can't seem to find the answer. Any help would be greatly appreciated.

3 REPLIES

Re: Blocking Traffic coming over a VPN Tunnel

Hello,

Can you post the configuration of your PIX as it is right now?

The 'crypto map' command indeed only defines the traffic that should be encrypted and flow through the tunnel. If you define your access list 'acl_hit1' to deny all traffic, that would effectively block all traffic, but I guess that is now what you are looking for...

Regards,

GNT


Re: Blocking Traffic coming over a VPN Tunnel

You can explicitly allow the traffic to come over the IPsec tunnel by making the changes in the Access-list.


Re: Blocking Traffic coming over a VPN Tunnel

I have attached a "cleaned" config for you to look at. I need to allow FTP to the concentrator side but deny it coming from the concentrator side. I also need to specifically deny all unnecessary traffic.
