filtering ipsec traffic pix to pix

Discussion in 'Cisco' started by Martin Eden, Jan 13, 2004.

  1. Martin Eden

    Martin Eden Guest

    I have 2 PIX:
    pix1
    pix2
    I have created a VPN, PIX to PIX.
    Now on pix1 I want to put some ACL that limits
    the access from pix2 versus pix1 lan

    In other words
    the entire lan behind pix2 must have access only to 3 clients on pix1 lan

    I don't have the access to pix2 because it isn't mine

    What can I do?

    pix1 lan 192.168.1.0 255.255.255.0
    pix2 lan 172.30.1.0 255.255.255.0
     
    Martin Eden, Jan 13, 2004
    #1

  2. Martin Eden

    Rik Bain Guest

    On Tue, 13 Jan 2004 05:05:04 -0600, Martin Eden wrote:

    > I have 2 pix
    > pix1
    > pix2
    > i have created a vpn pix to pix
    > now on pix1 i want to put some acl that limit the access from pix2
    > versus pix1 lan
    >
    > In other words
    > the entire lan behind pix2 must have access only to 3 clients on pix1
    > lan
    >
    > I don't have the access to pix2 because it isn't mine
    >
    > What can I do?
    >
    > pix1 lan 192.168.1.0 255.255.255.0
    > pix2 lan 172.30.1.0 255.255.255.0


    Disable "sysopt connection permit-ipsec" and use the outside access-list
    to filter the traffic.

    Rik Bain
     
    Rik Bain, Jan 13, 2004
    #2
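
What that suggestion could look like on pix1, as an added example that is not part of Rik Bain's post. It assumes PIX 6.x syntax; the three host addresses and the ACL name `outside_in` are constructed placeholders, since the thread does not name the three clients.

```cisco
: Added example for pix1. Constructed values: hosts 192.168.1.10-12 and
: the ACL name outside_in. The subnets are the ones given in the thread.
:
: Before: with this setting, traffic decrypted from the tunnel bypasses
: the interface access-lists, so all of 172.30.1.0/24 reaches the pix1 LAN.
:   sysopt connection permit-ipsec
:
: After: decrypted tunnel traffic is checked against the ACL bound
: inbound on the outside interface.
no sysopt connection permit-ipsec
:
: Permit the pix2 LAN to the three allowed clients only.
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.10
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.11
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.12
:
: Explicit deny for the rest of the pix1 LAN. The implicit deny at the end
: of the list would drop it anyway; an explicit entry gets its own hit
: counter in "show access-list outside_in".
access-list outside_in deny ip 172.30.1.0 255.255.255.0 192.168.1.0 255.255.255.0
:
: Bind the list inbound on outside. Only one ACL can be applied per
: interface and direction, so if one is already bound there, add these
: entries to it instead of creating a second list.
access-group outside_in in interface outside
```

The sysopt setting is global to the PIX, so once it is removed, traffic from every other tunnel that terminates on the same unit also needs its own permit entries in the outside access-list.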

  3. Martin Eden

    Martin Eden Guest

    One more thing:
    if I have 4 PIX in a fully meshed VPN
    and the 5th PIX connects by VPN to only one PIX,
    if I disable "sysopt connection permit-ipsec",
    what changes in the configuration for the others?

    I try to disable "sysopt connection permit-ipsec" on every one
    and modify the connection?

    "Rik Bain" <> wrote in message
    news:p...
    > On Tue, 13 Jan 2004 05:05:04 -0600, Martin Eden wrote:
    >
    > > I have 2 pix
    > > pix1
    > > pix2
    > > i have created a vpn pix to pix
    > > now on pix1 i want to put some acl that limit the access from pix2
    > > versus pix1 lan
    > >
    > > In other words
    > > the entire lan behind pix2 must have access only to 3 clients on pix1
    > > lan
    > >
    > > I don't have the access to pix2 because it isn't mine
    > >
    > > What can I do?
    > >
    > > pix1 lan 192.168.1.0 255.255.255.0
    > > pix2 lan 172.30.1.0 255.255.255.0

    >
    > Disable "sysopt connection permit-ipsec" and use the outside access-list
    > to filter the traffic.
    >
    > Rik Bain
     
    Martin Eden, Jan 14, 2004
    #3
