349 Views | 0 Helpful | 1 Replies

VPN & a PIX501

gbearman
Level 1

Hi, I have recently finished presenting the 501 on a roadshow in conjunction with Cisco. During my time I got asked a lot of tricky questions, most of which I was able to field, bar a couple. Both were related to the way the PIX works in with a VPN tunnel.

With a 10 user licence on a PIX 501 will the 5 allowed VPN peers take up 5 licences while the tunnels are up?

When a tunnel is up is it subject to the same ACL rules as normal traffic would be or does the VPN tunnel circumnavigate the ACL rule base?

Thanks and I look forward to your response.

Regards

Glen

1 Reply

wiccisco
Level 1

The license question is a good one. I look forward to someone sharing that answer.

As far as the ACL question, the VPN traffic appears to get pulled into the tunnel based on the MATCH ADDRESS in the Crypto statement before applying interface ACLs. Our 501s use default ACL configurations which allow no inbound sessions, yet we can create sessions in and out through the tunnel. Good luck finding details like that written down somewhere.

Your next question is probably how to apply an ACL to tunnel traffic? Just don't include it in the MATCH ADDRESS ACL. Then filter it like normal.

Of course... test it yourself to be sure!
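An added example configuration (not from the original post) illustrating the ACL behaviour described above: a PIX 501 running 6.x software with an inbound interface ACL that denies everything, and a site-to-site crypto map whose MATCH ADDRESS list selects the tunnel traffic. The subnets, peer address and pre-shared key are constructed placeholders; the `sysopt connection permit-ipsec` command is the PIX 6.x setting (not mentioned in the thread) that controls whether decrypted tunnel traffic bypasses the interface ACL.

```cisco
! Constructed example: PIX 501 (6.x) site-to-site tunnel.
! inside 192.168.1.0/24, remote site 10.1.1.0/24, peer 203.0.113.10 (placeholders)

! Default-style inbound ACL on the outside interface: no inbound sessions at all
access-list outside_in deny ip any any
access-group outside_in in interface outside

! Crypto ACL: only traffic matching this list is selected for the tunnel
access-list vpn_to_site1 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

! IKE phase 1 (pre-shared key is a placeholder, not a real secret)
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp key PLACEHOLDER-PSK address 203.0.113.10 netmask 255.255.255.255

! IPsec phase 2: the crypto map binds the MATCH ADDRESS list to the peer
crypto ipsec transform-set ts1 esp-3des esp-sha-hmac
crypto map site1 10 ipsec-isakmp
crypto map site1 10 match address vpn_to_site1
crypto map site1 10 set peer 203.0.113.10
crypto map site1 10 set transform-set ts1
crypto map site1 interface outside

! Default on PIX 6.x: decrypted IPsec traffic bypasses the interface ACL (outside_in),
! which is why sessions flow in through the tunnel although outside_in denies everything.
sysopt connection permit-ipsec

! To make tunnel traffic subject to outside_in like any other inbound traffic,
! turn the bypass off and add explicit permits ABOVE the blanket deny, e.g.:
! no sysopt connection permit-ipsec
! access-list outside_in permit tcp 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
```

Verify the effective behaviour with `show access-list` (hit counts on outside_in) and `show crypto ipsec sa` (encaps/decaps counters) rather than trusting the defaults.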