New Member

PIX 6.3 on 506e for VPN requirement only - default filters secure?

If I want to use a PIX device specifically for VPN only, is the default filter configuration etc. secure? Essentially after assigning IP addresses to either interface, I will configure either client-site or site-site using PDM. This means the only "access rule" defined will be the implicit outbound rule. Do I need to make any changes to access rules/filters to block unwanted traffic unrelated to the IPsec VPN?

Cisco Employee

Re: PIX 6.3 on 506e for VPN requirement only - default filters s

By default all outbound traffic (from inside to outside) thru the PIX is allowed, while all inbound traffic (from outside to inside) is denied. If you don't add any mappings or access-lists then this default behaviour will still be valid.

If you're just using it for VPN traffic, you should be fine. Use the PDM Wizard to create everything for you and the only traffic that will come in will be VPN traffic.

Keep in mind that if you do want your inside users to go out thru this PIX then you do need to add a translation rule for them to go out, but again, just adding this won't allow any traffic in (except the return traffic).
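
One way to check a saved configuration against the default behaviour described in the reply above. This is an added example, not part of the thread and not Cisco code; the `audit_pix_config` helper, the sample configurations and all addresses are constructed for illustration.

```python
import re

# Statements that add a mapping or an inbound access rule on the outside interface (PIX 6.x syntax).
INBOUND_PATTERNS = {
    "static": re.compile(r"^static\s+\(\s*\w+\s*,\s*outside\s*\)", re.I),
    "conduit": re.compile(r"^conduit\s+permit\b", re.I),
    "access-group": re.compile(r"^access-group\s+\S+\s+in\s+interface\s+outside\b", re.I),
}

def audit_pix_config(text):
    """Return (findings, has_outbound_translation) for a saved PIX configuration."""
    findings, has_nat, has_global = [], False, False
    for number, raw in enumerate(text.strip().splitlines(), 1):
        line = raw.strip()
        for kind, pattern in INBOUND_PATTERNS.items():
            if pattern.search(line):
                findings.append((number, kind, line))
        # nat id 0 is NAT exemption (typical for VPN traffic), not an outbound translation rule.
        nat = re.match(r"nat\s+\(inside\)\s+(\d+)\s", line, re.I)
        if nat and nat.group(1) != "0":
            has_nat = True
        if re.match(r"global\s+\(outside\)\s+\d+\s", line, re.I):
            has_global = True
    return findings, has_nat and has_global

# Constructed sample: VPN-only box, nothing mapped or permitted inbound.
VPN_ONLY = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
"""

# Constructed sample: same box after outbound translation and an inbound mapping were added.
WITH_EXTRAS = VPN_ONLY + """nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host 192.0.2.10 eq www
access-group inbound in interface outside
"""

if __name__ == "__main__":
    for name, cfg in (("VPN_ONLY", VPN_ONLY), ("WITH_EXTRAS", WITH_EXTRAS)):
        found, outbound = audit_pix_config(cfg)
        print(name, "outbound translation:", outbound)
        for number, kind, line in found:
            print(f"  line {number}: {kind}: {line}")
```

An empty findings list means the configuration still relies on the default inbound deny; any finding is a statement to review before the box is treated as VPN-only.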
