Firewall Wizards mailing list archives

RE: Decrypted VPN traffic and access lists on outside interface of PIX


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Wed, 25 Aug 2004 10:23:48 -0400

As long as 'sysopt connection permit-ipsec' is NOT set on that PIX and
the outside interface is where the VPN tunnel terminates, then yes,
that access-list would work.

PaulM


-----Original Message-----
Assuming that the VPN successfully connects and there is full IP
connectivity between local host 192.168.10.1 and remote host
192.168.20.2.

If I then use the access-group command on the outside interface and
apply an access list that includes:

permit tcp host 192.168.2.20  host 192.168.1.10  eq telnet
deny ip host 192.168.2.20 host 192.168.1.10

Would access be restricted to only telnet traffic from remote host
192.168.2.20 to local host 192.168.1.10?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
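To make the interaction Paul describes concrete, here is an added Python model (not from the thread, not Cisco code) of first-match ACL evaluation on the outside interface versus the 'sysopt connection permit-ipsec' bypass, using the addresses and ACL from the question; the ACL name and the helper names are assumptions.

```python
# Added example: models a PIX inbound interface ACL applied to decrypted
# IPsec traffic. When 'sysopt connection permit-ipsec' is set, decrypted
# VPN traffic bypasses the interface access-list; when it is not set, the
# ACL is evaluated top-down with the implicit deny at the end.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    proto: str            # "tcp", "udp" or "ip"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches any protocol
    src: str
    dst: str
    dport: Optional[int] = None   # None means any destination port

    def matches(self, f: Flow) -> bool:
        if self.proto != "ip" and self.proto != f.proto:
            return False
        if self.src != f.src or self.dst != f.dst:
            return False
        return self.dport is None or self.dport == f.dport


# The two lines from the question (access-list name is assumed).
OUTSIDE_IN: List[Ace] = [
    Ace("permit", "tcp", "192.168.2.20", "192.168.1.10", 23),
    Ace("deny", "ip", "192.168.2.20", "192.168.1.10"),
]


def pix_allows(flow: Flow, acl: List[Ace], sysopt_permit_ipsec: bool,
               via_ipsec: bool = True) -> bool:
    """Return True if the PIX forwards the flow inbound on 'outside'."""
    if via_ipsec and sysopt_permit_ipsec:
        return True           # decrypted IPsec traffic skips the ACL
    for ace in acl:           # first match wins
        if ace.matches(flow):
            return ace.action == "permit"
    return False              # implicit deny at the end of every ACL


# Constructed sample flows from the remote host to the local host.
TELNET = Flow("tcp", "192.168.2.20", "192.168.1.10", 23)
SSH = Flow("tcp", "192.168.2.20", "192.168.1.10", 22)

if __name__ == "__main__":
    for name, f in (("telnet", TELNET), ("ssh", SSH)):
        print(name, "sysopt off:", pix_allows(f, OUTSIDE_IN, False),
              "sysopt on:", pix_allows(f, OUTSIDE_IN, True))
```

With the sysopt off only telnet passes; with it on, both flows pass regardless of the access-group, which is why the setting must be checked before relying on the outside ACL to filter VPN peers.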

