
New Member

Securing VPN

I need to set up a VPN between a PIX Firewall and a NetScreen firewall. The problem is that I need to secure it down to certain hosts in both networks.

How can I stop certain hosts from connecting from the remote site?

Can the access list that defines IPsec traffic be set up to stop these remote hosts?

  • Other Security Subjects
3 REPLIES
Cisco Employee

Re: Securing VPN

Hi Nicholls,

You can definitely achieve that by keeping the interesting traffic access-list to just the specific hosts that you want to go through the IPsec tunnel.

Hope this helps,

Regards,

Aamir Waheed,

Cisco Systems, Inc.

-=-=-

New Member

Re: Securing VPN

Does the access list only work one way, i.e. will it only look at the source address to see if the packet is to be encrypted? Am I correct in assuming that when an IPsec packet comes into the firewall from the remote side, the access list ignores this packet?

i.e. if you have

access-list vpn permit ip host 192.168.1.2 (local) host 172.1.1.1 (remote)

Would this stop host 172.1.1.2 from initiating a connection to 192.168.1.2?

New Member

Re: Securing VPN

You are correct, your local firewall will drop the packet when remote host 172.1.1.2 initiates a connection.
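The behaviour the replies describe, as an added example that is not from any of the posts above: a small model of how a crypto (interesting traffic) access list is applied in both directions, encrypting only matching outbound packets and dropping decrypted inbound packets that do not match the mirrored entry. The parser, function names and the 172.1.1.x sample networks are assumptions; the hosts 192.168.1.2, 172.1.1.1 and 172.1.1.2 are the thread's own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    """One 'permit ip' line of a crypto (interesting-traffic) access list."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _endpoint(tok, i):
    # PIX syntax: 'host A', 'any', or 'NETWORK MASK' (dotted netmask).
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1]), i + 2
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2


def parse_crypto_acl(lines):
    """Parse 'access-list NAME permit ip <src> <dst>' lines (hypothetical parser)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
            raise ValueError(f"unsupported crypto ACL entry: {line!r}")
        src, i = _endpoint(tok, 4)
        dst, _ = _endpoint(tok, i)
        entries.append(AclEntry(src, dst))
    return entries


def outbound_protected(acl, src, dst):
    """Cleartext packet leaving the local side: tunnelled only if it matches an entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in e.src and d in e.dst for e in acl)


def inbound_accepted(acl, src, dst):
    """Decrypted packet from the peer: checked against the mirrored entry, else dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in e.dst and d in e.src for e in acl)


# Constructed sample: the single entry discussed in the thread.
VPN_ACL = parse_crypto_acl([
    "access-list vpn permit ip host 192.168.1.2 host 172.1.1.1",
])
```

This models only the crypto ACL check; the interface access-list and the peer's proxy identities still have to agree with it, which the model does not cover.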
