
Remote Access w/ PIX v7

info4work
Level 1

I’m trying to control which VPN clients are able to create tunnels on the PIX. The PIX is configured to create tunnels based on identity certificates; however, I’m unable to restrict which workstations can create a tunnel. I have configured "no sysopt connection permit-ipsec", but the ACL is not restricting the workstations.

1 Reply

vkapoor5
Level 5

The "sysopt connection permit-ipsec" command will allow all traffic that comes inside the tunnel to pass through the PIX without another layer of access control. Without this command, you need to open up your PIX to allow specific traffic to pass that comes through the VPN tunnel. This command is useful only after the tunnel is built.

I am not sure if one can restrict the tunnel building based on the workstation IP address. Can someone throw more light on this?
