02-14-2003 03:34 PM - edited 02-21-2020 12:21 PM
PIX V6.2 running PAT to a single IP address
Problem:
Cisco concentrator clients and Nortel VPN clients on the private interface of the PIX are able to use software VPN clients and log onto external VPN devices. Is there a way to ensure that these connections will not be permitted by default?
02-14-2003 10:57 PM
Hi, how about this...
access-list 101 deny udp any any eq isakmp
access-list 101 permit ip any any
!
access-group 101 in interface inside
This will deny port 500 from leaving the inside network.
Hope that helps...
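The following is an added example, not part of the original reply: a small first-match evaluator run over the two access-list 101 lines quoted above, to check which outbound flows the list denies. The flow list is constructed for illustration; it shows that the deny line matches UDP/500 only, so IPsec NAT-T (UDP/4500) and ESP (IP protocol 50) fall through to the permit line.

```python
# Added example: first-match evaluation of the ACL quoted in the reply above.
ACL_101 = """\
access-list 101 deny udp any any eq isakmp
access-list 101 permit ip any any
"""

PORT_NAMES = {"isakmp": 500}  # keyword used in the ACL for UDP/500 (IKE)

def parse_acl(text):
    """Parse 'access-list <id> <action> <proto> any any [eq <port>]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue  # skip separators such as '!'
        action, proto = tok[2], tok[3]
        port = None
        if "eq" in tok:
            p = tok[tok.index("eq") + 1]
            port = PORT_NAMES.get(p) or int(p)
        rules.append((action, proto, port))
    return rules

def evaluate(rules, proto, dport=None):
    """Return the action of the first matching rule; implicit deny at the end."""
    for action, r_proto, r_port in rules:
        if r_proto != "ip" and r_proto != proto:
            continue  # 'ip' matches every protocol
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

# Constructed outbound flows arriving on the inside interface
FLOWS = [
    ("IKE", "udp", 500),
    ("IPsec NAT-T", "udp", 4500),
    ("ESP", "esp", None),
    ("HTTPS", "tcp", 443),
]

def report(acl_text=ACL_101):
    """Map each constructed flow to the verdict the ACL gives it."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, proto, port) for name, proto, port in FLOWS}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:12} {verdict}")
```

Passing a longer list to report() shows the effect of additional deny lines placed ahead of the final permit.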