
PIX 501 RA VPN filter

networker99
Level 1

Is it possible to filter remote access VPN traffic on a PIX 501 (like you can on an ASA)?

1 Reply

Jouni Forss
VIP Alumni

Hi,

My guess would be that you can't configure VPN Filter on a PIX 501. (Quickly going through the command reference for software 6.3 didn't show the command in the listing at least, or I just didn't find it.)

Though I guess you could probably do the same thing on PIX 501 that I just mentioned in another post here on this forum section.

Disable the option that lets VPN traffic pass your outside interface access-list. In PIX 6.3 software the command format should be the following (with "no" keyword in front):

sysopt connection permit-ipsec

Implicitly permit any packet that came from an IPSec tunnel and bypass the checking of an associated access-list, conduit, or access-group command statement for IPSec connections.

This would let you control remote -> local traffic in the outside interface access-list and local -> remote on the PIX's interface access-lists.

I guess you can also control the remote user traffic by using split-tunneling on your VPN Client connections. Allow traffic only to certain hosts/networks behind the PIX firewall. Then again, for more precise controlling of the traffic you would have to use access-lists.

- Jouni
