Filtering IPsec traffic PIX to PIX

Discussion in 'Cisco' started by Martin Eden, Jan 13, 2004.

  1. Martin Eden

    Martin Eden Guest

    I have 2 PIX:
    pix1
    pix2
    I have created a PIX-to-PIX VPN.
    Now on pix1 I want to put some ACLs that limit
    the access from pix2 to the pix1 LAN.

    In other words,
    the entire LAN behind pix2 must have access to only 3 clients on the pix1 LAN.

    I don't have access to pix2 because it isn't mine.

    What can I do?

    pix1 LAN 192.168.1.0 255.255.255.0
    pix2 LAN 172.30.1.0 255.255.255.0
     
    Martin Eden, Jan 13, 2004
    #1

  2. Martin Eden

    Rik Bain Guest

    Disable "sysopt connection permit-ipsec" and use the outside access-list
    to filter the traffic.

    Rik Bain
     
    Rik Bain, Jan 13, 2004
    #2
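
The change suggested in the reply above, written out for pix1 as an added example (not part of the original thread). It assumes PIX 6.x syntax and that no ACL is bound to the outside interface yet; the ACL name `outside_in` and the three host addresses are constructed placeholders, since the thread does not give them.

```cisco
: Constructed example for pix1. ACL name and host addresses are assumptions.
: Before: decrypted IPsec traffic bypasses the interface ACLs, so all of
: 172.30.1.0/24 can reach all of 192.168.1.0/24 through the tunnel.
:   sysopt connection permit-ipsec

: After: tunnel traffic is checked against the outside ACL once decrypted.
no sysopt connection permit-ipsec

: The pix2 LAN may reach only three hosts on the pix1 LAN (placeholders).
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.10
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.11
access-list outside_in permit ip 172.30.1.0 255.255.255.0 host 192.168.1.12
: Explicit deny so that blocked tunnel traffic shows up in the hit counters.
access-list outside_in deny ip 172.30.1.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside_in in interface outside

: Check: hit counts should rise on the permit lines for allowed traffic
: and on the deny line for everything else from 172.30.1.0/24.
show access-list outside_in
```

If an ACL is already applied to the outside interface, add these entries to it instead, because only one ACL can be bound per interface and direction. The `sysopt` setting is global, so any other tunnel terminating on pix1 also needs its own permit entries once it is disabled.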

  3. Martin Eden

    Martin Eden Guest

    One more thing:
    if I have 4 PIX in a fully meshed VPN
    and the 5th PIX connects by VPN to only one PIX,
    if I disable "sysopt connection permit-ipsec",
    what changes in the configuration for the others?

    I try to disable "sysopt connection permit-ipsec" on every one
    and modify the connection?
     
    Martin Eden, Jan 14, 2004
    #3