Firewall Wizards mailing list archives

Re: Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists"


From: Michael Tewner <tewner () gmail com>
Date: Sun, 24 May 2009 08:03:08 +0300

Thanks Eric - That seems to be what I was missing.

By creating a new Group Policy, I can make this transition one tunnel at a
time, instead of creating all the rules I *THINK* I'll need, moving to
interface ACLs, and praying for the best...

Thank you Paul and Farrukh for your informative answers!


-Mike


On Sat, May 16, 2009 at 10:37 PM, Eric Gearhart <eric () nixwizard net> wrote:

Sorry I accidentally sent that last email prematurely... anyway under
"Default Group Policy" if you click manage there should be a
"DfltGrpPolicy." You can create your own custom Group Policy for this
tunnel, and specify a filter for this group policy. The filter you
select is just an extended access list, and your "source" is the
remote network from your VPN peer, "destination" is your local
networks on your local ASA.

Here's the obligatory Cisco link that explains all this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

--
Eric
http://nixwizard.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
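
The per-tunnel filter described in the quoted message, written out as ASA CLI. This is an added example, not part of the original thread or of the linked Cisco document; the ACL name, group-policy name, peer address and networks are constructed placeholders, and it assumes a LAN-to-LAN tunnel-group already exists for the peer.

```cisco
! Constructed values: peer 203.0.113.10, remote LAN 192.168.50.0/24,
! local LAN 10.10.0.0/24. VPNFILTER-PEER1 and GP-PEER1 are hypothetical names.

! Filter ACL: "source" is the remote network behind the VPN peer,
! "destination" is the local network behind this ASA.
access-list VPNFILTER-PEER1 extended permit tcp 192.168.50.0 255.255.255.0 host 10.10.0.25 eq 443
access-list VPNFILTER-PEER1 extended permit icmp 192.168.50.0 255.255.255.0 10.10.0.0 255.255.255.0 echo
! Explicit logged deny so dropped flows show up while the rule set is tuned.
access-list VPNFILTER-PEER1 extended deny ip any any log

! Custom group policy that carries the filter; DfltGrpPolicy is left untouched.
group-policy GP-PEER1 internal
group-policy GP-PEER1 attributes
 vpn-filter value VPNFILTER-PEER1

! Attach the policy to this one tunnel; all other tunnels keep DfltGrpPolicy.
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-PEER1
```

The filter is picked up when the tunnel is next negotiated, so an established session keeps its previous policy until it is torn down and rebuilt.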
