
Remote Access w/ PIX v7

I’m trying to control which VPN clients are able to create tunnels on the PIX. The PIX is configured to create tunnels based on identity certificates; however, I’m unable to restrict which workstations can create a tunnel. I have configured "no sysopt connection permit-ipsec", but the ACL is not restricting the workstations.


Re: Remote Access w/ PIX v7

The "sysopt connection permit-ipsec" command will allow all traffic that comes inside the tunnel to pass through the PIX without another layer of access control. Without this command, you need to open up your PIX to allow specific traffic to pass that comes through the VPN tunnel. This command is useful only after the tunnel is built.

I am not sure if one can restrict the tunnel building based on the workstation IP address. Can someone throw more light on this?
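
The behaviour described in the reply, as an added configuration sketch that is not part of the original thread: with the sysopt disabled, decrypted traffic from VPN clients is checked against the ACL on the interface where the tunnel terminates. The interface name `outside`, the ACL name `outside_in`, the client pool 10.10.10.0/24 and the server 192.168.1.10 are constructed values; this filters traffic inside an established tunnel, not tunnel setup.

```cisco
! Constructed example values: VPN client pool 10.10.10.0/24, inside server 192.168.1.10
!
! Stop decrypted VPN traffic from bypassing the interface ACL
no sysopt connection permit-ipsec
!
! Permit only specific services from addresses assigned to VPN clients
access-list outside_in extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list outside_in extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
!
! Explicitly deny and log everything else sourced from the client pool
access-list outside_in extended deny ip 10.10.10.0 255.255.255.0 any log
!
! Bind the ACL inbound on the interface that terminates the tunnels
access-group outside_in in interface outside
```

If an ACL is already bound inbound on that interface, add the entries to it rather than binding a second one, since only one inbound ACL applies per interface.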
