Ipsec packets

s.nicholls
Level 1

I have a site-to-site VPN, but I am restricting ports to e.g. port 443 from address 1.1.1.1 to address 2.2.2.2 via the access-list statement. If I then try to telnet from 1.1.1.1 to 2.2.2.2, it doesn't work (which is correct). What I want to know is: where is the packet dropped? I have sysopt connection permit-ipsec configured and an access list on the inside interface, but the packet is not being denied by this access list. Does anybody know what happens to the telnet packet?

1 Reply

jackko
Level 7

With the command "sysopt connection permit-ipsec" enabled, the PIX will ignore the inbound ACL for all crypto traffic.

Just wondering if these two IPs, 1.1.1.1 and 2.2.2.2, are servers or the PIX interfaces.

Further, how do you restrict the traffic on port 443?