Cisco Support Community

New Member

Denying VPN clients access thru PIX to a private network

PIX V6.2 running PAT to a single IP address

Problem:

Cisco concentrator clients and Nortel VPN clients on the private interface of the PIX are able to use software VPN clients and log onto external VPN devices. Is there a way to ensure that these connections will not be permitted by default?

1 REPLY
Bronze

Re: Denying VPN clients access thru PIX to a private network

Hi, how about this...

access-list 101 deny udp any any eq isakmp

access-list 101 permit ip any any

!

access-group 101 in interface inside

This will deny port 500 from leaving the inside network.

Hope that helps...

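Added example (not part of the original thread or the poster's configuration): a small Python check that evaluates the ACL from the reply with first-match semantics against a few constructed flows, to see which VPN-related traffic it denies and which it still permits. The flow list and helper names are assumptions; it models only the ACL (not PAT or fixup behavior) and only the `any any [eq port]` rule form used in the reply.

```python
import re

# ACL lines copied from the reply above.
ACL = """\
access-list 101 deny udp any any eq isakmp
access-list 101 permit ip any any
"""
PORT_NAMES = {"isakmp": 500}  # the only named port used in the thread

# Constructed sample flows (name, protocol, destination port); not from the thread.
FLOWS = [
    ("IKE", "udp", 500),
    ("IPsec NAT-T", "udp", 4500),
    ("ESP", "esp", None),
    ("PPTP control", "tcp", 1723),
    ("HTTPS", "tcp", 443),
]

RULE = re.compile(r"access-list\s+\S+\s+(permit|deny)\s+(\S+)\s+any\s+any(?:\s+eq\s+(\S+))?$")

def parse_acl(text):
    """Parse 'access-list N permit|deny proto any any [eq port]' lines."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line.startswith("access-list"):
            continue  # blank lines, "!" separators, access-group, etc.
        m = RULE.match(line)
        if not m:
            raise ValueError("unsupported ACL line: " + line)
        action, proto, port = m.groups()
        if port is not None:
            port = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        rules.append((action, proto, port))
    return rules

def evaluate(rules, proto, dst_port=None):
    """First matching rule wins; an ACL ends with an implicit deny."""
    for action, rule_proto, rule_port in rules:
        if rule_proto in ("ip", proto) and rule_port in (None, dst_port):
            return action
    return "deny"

def report(acl_text, flows=FLOWS):
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, proto, port) for name, proto, port in flows}

if __name__ == "__main__":
    for name, verdict in report(ACL).items():
        print(f"{name:14} {verdict}")
```

Feeding `report()` a candidate ACL before applying it shows whether each listed transport ends up denied or permitted under that rule order.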