Re: [fw-wiz] Cisco PIX: How to restrict remote access to VPN using IP addresses/hostnames



Vahid Pazirandeh wrote:
Quick version:
1. I don't want VPN access open to the entire world. Is there a way to limit
its access with ACLs?
2. A follow-up question: can I restrict access to VPN clients based on their
hostnames instead of IPs?



I have a Cisco PIX 515E with 7.2(1) software up and running. I'm very new to
VPN in general, but remote access VPN is working.


1. In 6.x pixios there was a split tunnel option, which worked as a kind
of ACL ;]
2. In 6.x you couldn't.


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

