
Ipsec packets

I have a site-to-site VPN, but I am restricting ports to e.g. port 443 from address 1.1.1.1 to address 2.2.2.2 via the access-list statement. If I then try to telnet from 1.1.1.1 to 2.2.2.2 it doesn't work (which is correct). What I want to know is: where is the packet dropped? I have sysopt connection permit-ipsec configured and an access list on the inside interface, but the packet is not being denied by this access list. Does anybody know what happens to the telnet packet?

1 REPLY

Re: Ipsec packets

With the command "sysopt connection permit-ipsec" enabled, the PIX will ignore the inbound ACL for all crypto traffic.

Just wondering if these two IPs, 1.1.1.1 and 2.2.2.2, are servers or the PIX interface.

Further, how do you restrict the traffic on port 443?
