10-18-2006 06:23 AM - edited 02-21-2020 02:40 PM
I would like to allow only 1 public IP to have remote access VPN to a PIX 506E.
I have already removed sysopt connection permit-ipsec
and applied an access-list on the outside interface, but the VPN tunnel can still be established even if I apply an ACL with deny ip any any.
Can anyone help?
10-23-2006 09:08 AM
An access list could be the better option; try reconfiguring the access-list.
10-24-2006 12:47 PM
Hi
In this case the access-list will have no effect.
If you have a router in front of the PIX, you can do the restrictions there.
regards
Burim
10-26-2006 11:28 PM
There is no way to do it?
10-26-2006 11:30 PM
The problem is that this is a broadband connection to the ISP; the broadband router does not have any firewall capability.
10-27-2006 12:32 AM
Hi
To make this remote access more secure, I would say try to implement certificate authentication and AAA; this is the best way, I think.
regards
Burim