Hi,
My guess would be that you can't configure VPN Filter on a PIX 501. (Quickly going through the command reference for software 6.3 didn't show the command in the listing at least, or I just didn't find it.)
Though I guess you could probably do the same thing on PIX 501 that I just mentioned in another post here on this forum section.
Disable the option that lets VPN traffic pass your outside interface access-list. In PIX 6.3 software the command format should be the following (with the "no" keyword in front):
connection permit-ipsec: Implicitly permit any packet that came from an IPSec tunnel and bypass the checking of an associated access-list, conduit, or access-group command statement for IPSec connections.
This would let you control remote -> local traffic in the outside interface access-list and local -> remote on the PIX's interface access-lists.
I guess you can also control the remote user traffic by using split-tunneling on your VPN Client connections. Allow traffic only to certain hosts/networks behind the PIX firewall. Then again, for more precise controlling of the traffic you would have to use access-lists.
- Jouni
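
Added example, not part of the original post: a PIX 6.3 configuration sketch of the approach described above, with the bypass turned off and VPN client traffic restricted in the outside access-list and by split-tunneling. The addresses, access-list names and the vpngroup name are constructed for illustration; lines starting with ":" are annotations for the reader.

```cisco
: Assumed (constructed) addressing:
:   inside LAN       192.168.1.0/24
:   VPN client pool  10.10.10.0/24
:   permitted server 192.168.1.10 (RDP only)

: Stop decrypted IPSec traffic from bypassing interface access-lists
no sysopt connection permit-ipsec

: Remote -> local: decrypted VPN client traffic is now checked
: against the access-list bound to the outside interface
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list outside_in deny ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group outside_in in interface outside

: Local -> remote: restrict what inside hosts may send to VPN clients
access-list inside_out deny ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list inside_out permit ip 192.168.1.0 255.255.255.0 any
access-group inside_out in interface inside

: Split-tunneling: the client only tunnels traffic for the one server
: ("remoteusers" is a hypothetical vpngroup name)
access-list split_acl permit ip host 192.168.1.10 10.10.10.0 255.255.255.0
vpngroup remoteusers split-tunnel split_acl
```

Once the bypass is removed, every existing tunnel on the device depends on explicit permits in the outside access-list, so review site-to-site peers before applying it. Connections that inside hosts open to VPN clients are dropped by `inside_out` above; replies to client-initiated sessions are not.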