Firewall Wizards mailing list archives
RE: Decrypted VPN traffic and access lists on outside interface of PIX
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Wed, 25 Aug 2004 10:23:48 -0400
As long as 'sysopt connection permit-ipsec' is NOT set on that PIX and that the outside interface is where the VPN tunnel terminates, then yes, that access-list would work.

PaulM
-----Original Message-----

Assuming that the VPN successfully connects and there is full IP connectivity between local host 192.168.10.1 and remote host 192.168.20.2.

If I then use the access-group command on the outside interface and apply an access list that includes:

permit tcp host 192.168.2.20 host 192.168.1.10 eq telnet
deny ip host 192.168.2.20 host 192.168.1.10

Would access be restricted to only telnet traffic from remote host 192.168.2.20 to local host 192.168.1.10?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
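
The condition in the reply above, as an added example that is not part of the original thread and is not Cisco code: a small Python model of how decrypted tunnel traffic is judged on the outside interface, with and without 'sysopt connection permit-ipsec'. It assumes first-match evaluation with an implicit deny at the end of the list; the names Rule, OUTSIDE_ACL, matches and outside_verdict are hypothetical, and the rule addresses are copied as posted in the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", or "ip" to match any IP protocol
    src: str                     # single host, as in "host a.b.c.d"
    dst: str
    dport: Optional[int] = None  # None means any destination port


# The two entries from the question, addresses exactly as posted (telnet = 23).
OUTSIDE_ACL = [
    Rule("permit", "tcp", "192.168.2.20", "192.168.1.10", 23),
    Rule("deny", "ip", "192.168.2.20", "192.168.1.10"),
]


def matches(rule, proto, src, dst, dport):
    """True when the packet fields satisfy every field of one ACL entry."""
    if rule.proto != "ip" and rule.proto != proto:
        return False
    if ipaddress.ip_address(rule.src) != ipaddress.ip_address(src):
        return False
    if ipaddress.ip_address(rule.dst) != ipaddress.ip_address(dst):
        return False
    return rule.dport is None or rule.dport == dport


def outside_verdict(proto, src, dst, dport=None, *, from_tunnel=True,
                    permit_ipsec=False, acl=OUTSIDE_ACL):
    """Verdict for a decrypted packet entering through the outside interface."""
    # With 'sysopt connection permit-ipsec' set, traffic that arrived through
    # the tunnel is permitted without consulting the interface access list.
    if from_tunnel and permit_ipsec:
        return "permit (ACL bypassed)"
    for rule in acl:             # first matching entry decides
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny (implicit)"     # nothing matched: implicit deny at the end
```

Traffic between hosts that appear in neither entry never reaches the explicit deny line; it is dropped by the implicit deny instead, so the addresses in the list must be the ones the tunnel peers actually use.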