Firewall Wizards mailing list archives
Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists"
From: Eric Gearhart <eric () nixwizard net>
Date: Sat, 16 May 2009 12:37:00 -0700
Sorry I accidentally sent that last email prematurely... anyway under "Default Group Policy" if you click manage there should be a "DfltGrpPolicy." You can create your own custom Group Policy for this tunnel, and specify a filter for this group policy. The filter you select is just an extended access list, and your "source" is the remote network from your VPN peer, "destination" is your local networks on your local ASA. Here's the obligatory Cisco link that explains all this: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml -- Eric http://nixwizard.net _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Michael Tewner (May 13)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Farrukh Haroon (May 14)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Paul Melson (May 14)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Eric Gearhart (May 17)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Eric Gearhart (May 17)
- Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists" Michael Tewner (May 24)