Port specifying ACL for PIX's IPSEC

northowl
Level 1

We just want to open, for every customer with their VPN connection to our service, one and only one TCP port (the IP address is always the same).

The guide for PIX says that by specifying a port in a VPN access-list we can decrease performance.

I just wonder, how much is it?

Does anybody have experience with it?

Thank you.

1 Reply

ssoberlik
Level 4

I am encrypting only Telnet traffic to my remote PIX for remote management, and things seem to be working fine, but it seems that if you have a large number of peers or clients whose access you are trying to restrict, specifying ports in the crypto access list will stress out your PIX. I don't remember coming across an exact figure, but I guess it's bad enough to justify use of the term 'severely degrade' in one of the documents I read some time ago.