Cisco Support Community
New Member

IPsec VPN - limit access

We need to deploy IPsec between two sites A and B (A is PIX 7.0, B is router 800 12.4).

But we need to limit access in the following way:

from A to B: a few PCs remote desktop to one PC

from B to A: one PC to one server on one port...

I know that the ACL defining interesting traffic should be mirrored, but the traffic we need is not symmetric... Is it possible to restrict access to only the traffic I specified?

1 REPLY
Gold

Re: IPsec VPN - limit access

Mirror your ACLs as you normally would. Then define regular interface ACLs at either end to control/allow only the traffic you want in/out.

On the PIX, if you have 'sysopt connection permit-vpn' enabled though, all VPN traffic will bypass interface ACL checking, so be careful if that command is enabled.

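A configuration sketch of the approach in the reply, added here as an illustration and not posted by either participant. The subnets, host addresses, ACL names, the `Vlan1` LAN interface and TCP port 8443 are all assumptions; the rest of the crypto map and any NAT exemption are omitted.

```cisco
! Constructed addressing: site A LAN 10.1.1.0/24, site B LAN 10.2.2.0/24
! A PCs 10.1.1.10 and 10.1.1.11 -> B PC 10.2.2.20 on tcp/3389 (remote desktop)
! B PC 10.2.2.30 -> A server 10.1.1.50 on tcp/8443 (placeholder for "one port")
!
! ===== Site A: PIX 7.0 =====
! Crypto ACL stays a plain mirror of the one on B
access-list VPN_TO_B extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! Command name as given in the reply; once disabled, decrypted traffic
! is checked against the outside interface ACL instead of bypassing it
no sysopt connection permit-vpn
! From B: one PC to one server on one port (replies pass statefully)
access-list OUTSIDE_IN extended permit tcp host 10.2.2.30 host 10.1.1.50 eq 8443
access-group OUTSIDE_IN in interface outside
! To B: only the listed PCs, remote desktop only; other inside traffic untouched
access-list INSIDE_IN extended permit tcp host 10.1.1.10 host 10.2.2.20 eq 3389
access-list INSIDE_IN extended permit tcp host 10.1.1.11 host 10.2.2.20 eq 3389
access-list INSIDE_IN extended deny ip any 10.2.2.0 255.255.255.0
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! ===== Site B: 800 router, IOS 12.4 =====
! Crypto ACL: mirror of VPN_TO_B
ip access-list extended VPN_TO_A
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! IOS ACLs are stateless, so reply packets are matched with "established"
! Decrypted traffic from A leaving toward the LAN
ip access-list extended LAN_OUT
 permit tcp host 10.1.1.10 host 10.2.2.20 eq 3389
 permit tcp host 10.1.1.11 host 10.2.2.20 eq 3389
 permit tcp host 10.1.1.50 eq 8443 host 10.2.2.30 established
 deny ip 10.1.1.0 0.0.0.255 any
 permit ip any any
! LAN traffic heading for A, filtered before it is encrypted
ip access-list extended LAN_IN
 permit tcp host 10.2.2.30 host 10.1.1.50 eq 8443
 permit tcp host 10.2.2.20 eq 3389 host 10.1.1.10 established
 permit tcp host 10.2.2.20 eq 3389 host 10.1.1.11 established
 deny ip any 10.1.1.0 0.0.0.255
 permit ip any any
!
interface Vlan1
 ip access-group LAN_IN in
 ip access-group LAN_OUT out
```

OUTSIDE_IN ends in an implicit deny, so any inbound permits the PIX already needs on its outside interface have to be carried into it as well.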