
Denying VPN clients access thru PIX to a private network

DKMark
Level 1

PIX V6.2 running PAT to a single IP address

Problem:

Cisco concentrator clients and Nortel VPN clients on the private interface of the PIX are able to use software VPN clients and log onto external VPN devices. Is there a way to ensure that these connections will not be permitted by default?

1 Reply

mike-greene
Level 4

Hi, how about this...

access-list 101 deny udp any any eq isakmp

access-list 101 permit ip any any

!

access-group 101 in interface inside

This will deny port 500 from leaving the inside network.

Hope that helps...
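To check which outbound flows the ACL in the reply above actually matches, here is an added example (not part of the original thread, and not Cisco code) that evaluates the two posted lines with first-match semantics. The sample flows and the helper names `parse_acl` and `evaluate` are assumptions made for illustration.

```python
# Added example: first-match evaluation of the two ACL lines from the reply.
ACL_101 = """\
access-list 101 deny udp any any eq isakmp
access-list 101 permit ip any any
"""

NAMED_PORTS = {"isakmp": 500}  # PIX keyword for UDP port 500


def parse_acl(text):
    """Parse 'access-list <id> <action> <proto> any any [eq <port>]' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, src, dst = tok[2:6]
        if (src, dst) != ("any", "any"):
            raise ValueError("this sketch handles only 'any any' entries")
        port = None
        if len(tok) == 8 and tok[6] == "eq":
            port = int(NAMED_PORTS.get(tok[7], tok[7]))
        entries.append({"action": action, "proto": proto, "port": port, "text": line})
    return entries


def evaluate(entries, proto, dport=None):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    for e in entries:
        proto_ok = e["proto"] in ("ip", proto)  # 'ip' matches every IP protocol
        port_ok = e["port"] is None or e["port"] == dport
        if proto_ok and port_ok:
            return e["action"], e["text"]
    return "deny", "(implicit deny)"


# Constructed sample flows leaving the inside interface (not from the thread).
SAMPLE_FLOWS = [
    ("udp", 500),   # ISAKMP/IKE, the traffic the reply targets
    ("udp", 4500),  # IPsec NAT traversal port (RFC 3947)
    ("tcp", 443),   # HTTPS
    ("udp", 53),    # DNS
]

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    for proto, dport in SAMPLE_FLOWS:
        action, rule = evaluate(acl, proto, dport)
        print(f"{proto}/{dport:<5} -> {action:<6} by: {rule}")
```

Any flow that lands on the `permit ip any any` line is outside what this ACL controls, so a VPN transport that does not begin on UDP 500 would need its own deny entry above that line.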
