Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > PIX - Can extended ACL's be used as crypto ACL's on a PIX

Reply
Thread Tools

PIX - Can extended ACL's be used as crypto ACL's on a PIX

 
 
Shad T
Guest
Posts: n/a
 
      06-29-2004
Pix 6.3(3)

I have read on one source that v5.1 and above should support greater
protocol and port granularity for the crypto ACL's, but I have not
been able to confirm if this is possible and the proper configuration
(given both sides of the tunnel may use different vendors).

So here are my questions:

1. Can you please confirm if it is possible to use an extended
access-list as a crypto ACL?

2. If so, do all of the associated denied and allowed port/protocols
ACL's and policies (if not pix on the other end) have to match
exactly? I am assuming the answer is yes.


Situation in which it will be applied:

We have a site that has many many tunnels and most have private class
on the remote end. Some of these tunnels terminate to vendors and
clients that we may not want to have complet IP access back into the
associated hosts/networks in the crypto ACL. If we disable sysopt
connection permit ipsec . . . we would have to open up a ton of
private class networks with full ip access off of our direct inbound
ACL (this is not preferable).


Thanks,

Shad
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can Groovy be used in an applet and/or can it generate the Java bytecodes that then can be used in an applet? Casey Hawthorne Java 1 03-18-2009 12:56 AM
clear crypto map in pix jcharth@hotmail.com Cisco 2 10-27-2005 04:50 PM
Q: PIX Firewall - Clear crypto ipsec `? Martin Bilgrav Cisco 1 10-17-2005 02:28 PM
PIX to Router VPN - Remote Subnet Access - CRYPTO-4-RECVD_PKT_INV_IDENTITY: identity doesn't match Scooter Cisco 0 03-03-2005 10:56 PM
multiple crypto maps on cisco pix tical Cisco 2 12-02-2003 05:56 PM



Advertisments