say i establish a vpn between the client and pix2.
once that that vpn is established, will that make the pc with the vpn client vulnerable to the user on in2? that is, i understand that i will be able to make requests to the hosts on in2, but will those host be able to do stuff to the pcvpnclient?
it depends on your access-rules on pix 2. If the VPN-tunnnel is established then all traffic matching the crypto config is forwarded to the tunnel endpoint. Stateful inspection (conn-table, xlate, fixup, etc) is working of course. So define access-rules that allow exactly what your client needs and reject all unwanted traffic.
so what you're saying is i should create access lists to deny specific traffic over the established vpn to this pc? what i was worried about is that i know i will be able to reach the in2 on pix2 no problem, but i don't want anything on in2 to be able to do stuff to my pc on in1.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...