02-10-2004 07:55 AM - edited 03-09-2019 06:22 AM
I have a tunnel set up between two pix that allows all traffic to pass. I want to only allow ftp traffic but when I add the appropriate line in my access list it breaks the connection. Any ideas?
02-16-2004 09:34 AM
Have you tried removing the "sysopt connection permit-ipsec" command and using only ACLs to permit traffic? It works sometimes.
02-16-2004 04:54 PM
By disabling the command 'sysopt connection permit-ipsec', all the VPN traffic will be examined on the outside interface of the PIX, thus you will need to configure an inbound access list:
access-list xxx permit tcp
access-list xxx permit tcp
access-group xxx in interface outside
One thing that should be noted is that you would also need access-list entries for remote-access VPN and other LAN-to-LAN VPNs.
Hope this helps.
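The following PIX 6.x configuration fragment is an added example, not from either poster, showing what the answer above describes in full: the crypto ACL still matches all LAN-to-LAN traffic (so the IPsec proxy identities keep matching the peer), "sysopt connection permit-ipsec" is removed, and the filtering is done by the inbound ACL on the outside interface, which then only allows FTP. The LAN addresses (192.168.1.0/24 local, 192.168.2.0/24 remote), the peer address 203.0.113.2, the ACL names "vpn-traffic" and "outside-in", and the crypto map and transform-set names are assumed for illustration.

```text
: Added example (assumed names and addresses); PIX 6.x syntax.
:
: 1. Crypto ACL: defines ALL traffic between the two LANs as interesting.
:    Leave this at "permit ip"; narrowing it to FTP changes the proxy
:    identities and will fail to negotiate unless the peer is changed too.
access-list vpn-traffic permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list vpn-traffic
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address vpn-traffic
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
:
: 2. Stop bypassing the interface ACL for decrypted IPsec traffic.
no sysopt connection permit-ipsec
:
: 3. Inbound ACL on outside: only the FTP control channel from the remote LAN
:    to the local LAN. The FTP fixup opens the data channel (active or passive)
:    when it sees the control session, so port 20 / high ports need no entries.
fixup protocol ftp 21
access-list outside-in permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq ftp
: Add entries here for any remote-access VPN pool and other LAN-to-LAN tunnels;
: anything not listed now hits the implicit deny at the end of the ACL.
access-group outside-in in interface outside
```

Two points worth checking when applying this. The outside ACL only governs sessions that are initiated from the remote side; FTP sessions started from the local LAN go out through the inside interface and their return traffic is allowed by the PIX's stateful connection table, so they need no entry here. And because the ACL now ends in an implicit deny, the other tunnels and remote-access clients that previously relied on "sysopt connection permit-ipsec" stop working until their traffic is permitted explicitly, which is the failure mode the last paragraph of the answer warns about.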