[fw-wiz] Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists"



Hi all -

I'm using a Cisco ASA 5500 series appliance with ASDM 6.1.

As I understand it, by default, incoming packets from IPsec site-to-site
VPN's are not checked by the standard interface ACL's -

(1) Where _can_ I limit incoming traffic from a specific VPN - i.e. SSH from
a specific remote host to a local host/LAN?

(2) I found that following checkbox in the "IPsec VPN Wizard" which might be
a step in the right direction - "Enable inbound IPsec sessions to bypass
interface access lists."
(a) Is this the proper setting?
(b) I assume that this will send the incoming traffic through the
"outside" interface? right?
(c) Does this checkbox apply to ALL IPsec sessions on all VPN's? Will
this apply to my other VPN's?
(d) What Cisco ASA/PIX command does this translate to
(e) Is there a screen in the ASDM where I can enable this
after-the-fact?

(3) Or, perhaps, I'm looking in completely the wrong place?

Thank you!!
-Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards