Cisco Support Community
New Member

One way VPN with PIX

Is it possible to make a VPN with PIX one way? I only control one firewall (the PIX) and I want to be able to access the full other network but not vice versa. If so, how do I do it? Thanks in advance!

3 REPLIES
Bronze

Re: One way VPN with PIX

I guess this is what the whole world is doing with PIX using it as just a firewall.

But for academic interests, since the SA association is unidirectional, you can give it a try by configuring only in the direction you want it.

http://www.cisco.com/en/US/customer/tech/tk648/tk367/technologies_tech_note09186a0080094206.shtml

New Member

Re: One way VPN with PIX

I think you misunderstood me. I want a one-way VPN tunnel.

So network X can access network Y but not vice versa through VPN.

New Member

Re: One way VPN with PIX

I've never done this, but assuming it's TCP you may be able to play with the established parameter, also assuming the PIX supports that. You have to be careful that the ACLs match, but why couldn't you have the side allowing all traffic read like:

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2

and on the other:

access-list 100 permit tcp host 2.2.2.2 host 1.1.1.1 established

Regarding UDP/Netbios, there is not much you can do there unless there were other firewalls past the ones doing the VPN.

--Jon
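
The ACL pair suggested in the reply above, modelled as an added example (not code from any poster in this thread) to show which packets each side lets through. It assumes IOS-style semantics, where `established` matches TCP segments with ACK or RST set; whether the PIX accepts that keyword is not settled by the thread, and the `Rule`/`Packet` names are hypothetical.

```python
# Added example: first-match ACL evaluation with an "established" qualifier.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    established: bool = False

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    flags: frozenset = frozenset()

def permits(acl, pkt):
    """First matching rule permits; anything unmatched hits the implicit deny."""
    for rule in acl:
        if (rule.proto, rule.src, rule.dst) != (pkt.proto, pkt.src, pkt.dst):
            continue
        # "established" is a TCP flag check (ACK or RST set), not connection
        # tracking, so it only distinguishes replies from opening SYNs.
        if rule.established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return True
    return False

X, Y = "1.1.1.1", "2.2.2.2"                          # addresses used in the reply
ACL_X_TO_Y = [Rule("tcp", X, Y)]                     # side allowed to initiate
ACL_Y_TO_X = [Rule("tcp", Y, X, established=True)]   # other side: replies only

def verdicts():
    """Constructed sample packets covering both directions and UDP."""
    f = frozenset
    return {
        "X opens (SYN)": permits(ACL_X_TO_Y, Packet("tcp", X, Y, f({"SYN"}))),
        "Y answers (SYN+ACK)": permits(ACL_Y_TO_X, Packet("tcp", Y, X, f({"SYN", "ACK"}))),
        "Y opens (SYN)": permits(ACL_Y_TO_X, Packet("tcp", Y, X, f({"SYN"}))),
        "Y sends UDP": permits(ACL_Y_TO_X, Packet("udp", Y, X)),
        "X sends UDP": permits(ACL_X_TO_Y, Packet("udp", X, Y)),
    }

if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name:22} {'permit' if ok else 'deny'}")
```

Both UDP cases are denied because these two TCP-only rules never match them, which is the limitation the reply points out for UDP/NetBIOS.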
