Cisco Support Community
New Member

Securing VPN

I need to set up a VPN between a PIX Firewall and a NetScreen firewall. The problem is that I need to secure it down to certain hosts in both networks.

How can I stop certain hosts from connecting from the remote site?

Can the access list that defines IPSEC traffic be set up to stop these remote hosts?

Cisco Employee

Re: Securing VPN

Hi Nicholls,

You can definitely achieve that by keeping the interesting traffic access-list to just the specific hosts that you want to go through the IPSec tunnel.

Hope this helps,


Aamir Waheed,

Cisco Systems, Inc.


New Member

Re: Securing VPN

Does the access list only work one way, i.e. will it only look at the source address to see if the packet is to be encrypted? Am I correct in assuming that when an IPSEC packet comes into the firewall from remote then the access list ignores this packet?

i.e. if you have

access list vpn permit ip host (local) host

Would this stop host from initiating a connection to

New Member

Re: Securing VPN

You are correct; your local firewall will drop the packet when the remote host initiates a connection.
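The host-restricted interesting-traffic access list discussed in this thread, written out as a PIX 6.x-style configuration. This is an added example, not configuration posted by anyone in the thread; every address, the key placeholder and the names `vpn`, `nonat`, `myset` and `tomap` are constructed for illustration.

```cisco
! Lines starting with "!" are reader annotations, not commands.
!
! Too broad: every host in both subnets becomes interesting traffic.
! access-list vpn permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!
! Restricted: only these local/remote host pairs are protected by IPSec.
! The remote peer's definition of protected traffic must mirror these
! entries, otherwise phase 2 negotiation does not complete.
access-list vpn permit ip host 10.1.1.10 host 10.2.2.20
access-list vpn permit ip host 10.1.1.11 host 10.2.2.20
!
! Exempt the same host pairs from NAT (kept as a separate ACL).
access-list nonat permit ip host 10.1.1.10 host 10.2.2.20
access-list nonat permit ip host 10.1.1.11 host 10.2.2.20
nat (inside) 0 access-list nonat
!
! With this enabled, decrypted traffic bypasses the interface ACLs,
! so the crypto ACL above is the only filter on tunnel traffic.
sysopt connection permit-ipsec
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map tomap 10 ipsec-isakmp
crypto map tomap 10 match address vpn
crypto map tomap 10 set peer 203.0.113.2
crypto map tomap 10 set transform-set myset
crypto map tomap interface outside
!
isakmp enable outside
isakmp key <PRESHARED_KEY> address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

After the tunnel is up, `show crypto ipsec sa` lists one security association pair per access-list entry, which confirms that only the intended host pairs were negotiated.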
