Firewall Wizards mailing list archives
Decrypted VPN traffic and access lists on outside interface of PIX
From: John Galt <jgalt163 () comcast net>
Date: Mon, 23 Aug 2004 09:13:58 -0400
Hello All,

Can someone please clear something up for me. Is decrypted traffic from a site-to-site VPN sent back through an access list that is applied to the outside interface of a PIX?
For example: if a crypto map match entry uses an access list that includes:

    permit ip 192.168.10.1 255.255.255.255 192.168.20.2 255.255.255.255

Assuming that the VPN successfully connects and there is full IP connectivity between local host 192.168.10.1 and remote host 192.168.20.2.
If I then use the access-group command on the outside interface and apply an access list that includes:
    permit tcp host 192.168.2.20 host 192.168.1.10 eq telnet
    deny ip host 192.168.2.20 host 192.168.1.10

Would access be restricted to only telnet traffic from remote host 192.168.2.20 to local host 192.168.1.10?
Thanks.
John

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
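A small model of the two access lists in the question, added here as example code (not from the thread or from Cisco): it parses the entries exactly as written in the post, applies PIX first-match evaluation with the implicit deny, and the `permit_ipsec_bypass` flag stands for `sysopt connection permit-ipsec`, the PIX setting that lets traffic decrypted from an IPsec tunnel skip the outside-interface ACL. The packet tuples used with it are constructed samples.

```python
import ipaddress

PORTS = {"telnet": 23, "ssh": 22, "www": 80}   # service names accepted after "eq"

def _addr(tokens):
    """Consume one PIX address spec: 'any', 'host A', or 'A MASK' (normal mask)."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tokens.pop(0)}", strict=False)

def parse_ace(line):
    """Parse one access-list entry into (action, proto, src, dst, dport)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    src, dst = _addr(rest), _addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return (action, proto, src, dst, dport)

def ace_matches(ace, pkt):
    action, proto, src, dst, dport = ace
    psrc, pdst, pproto, pdport = pkt          # pkt = (src, dst, proto, dport)
    if proto != "ip" and proto != pproto:
        return False
    if dport is not None and pdport != dport:
        return False
    return ipaddress.ip_address(psrc) in src and ipaddress.ip_address(pdst) in dst

def evaluate(acl, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace[0] == "permit"
    return False

def inbound_allowed(pkt, outside_acl, from_ipsec, permit_ipsec_bypass):
    """Packet arriving on 'outside': with the permit-ipsec bypass on, decrypted
    tunnel traffic skips the interface ACL; otherwise the outside ACL decides."""
    if from_ipsec and permit_ipsec_bypass:
        return True
    return evaluate(outside_acl, pkt)

# The two access lists from the question, as written in the post.
CRYPTO_ACL = [parse_ace("permit ip 192.168.10.1 255.255.255.255 192.168.20.2 255.255.255.255")]
OUTSIDE_ACL = [parse_ace("permit tcp host 192.168.2.20 host 192.168.1.10 eq telnet"),
               parse_ace("deny ip host 192.168.2.20 host 192.168.1.10")]
```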