Re: [fw-wiz] Cisco PIX - "Allow inbound IPsec sessions to bypass interface access lists"

Thanks Eric - That seems to be what I was missing.

By creating a new Group Policy, I can make this transition one tunnel at a
time, instead of creating all the rules I *THINK* I'll need, moving to
interface ACLs, and praying for the best....

Thank you Paul and Farrukh for your informative answers!


On Sat, May 16, 2009 at 10:37 PM, Eric Gearhart <eric@xxxxxxxxxxxxx> wrote:

Sorry I accidentally sent that last email prematurely... anyway under
"Default Group Policy" if you click manage there should be a
"DfltGrpPolicy." You can create your own custom Group Policy for this
tunnel, and specify a filter for this group policy. The filter you
select is just an extended access list, and your "source" is the
remote network from your VPN peer, "destination" is your local
networks on your local ASA.

Here's the obligatory Cisco link that explains all this:

firewall-wizards mailing list
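
The per-tunnel filter described in the thread, written out as CLI configuration. This is an added example, not part of the original messages; it assumes ASA/PIX 7.x or later syntax, and the peer address, networks and object names are constructed placeholders.

```cisco
! Constructed values: VPN peer 203.0.113.10, remote LAN 10.20.0.0/24,
! local LAN 192.168.1.0/24. Object names are hypothetical.

! Filter ACL: "source" is the remote network behind the VPN peer,
! "destination" is the local network behind this ASA.
access-list VPNFILTER-PEER-A extended permit tcp 10.20.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list VPNFILTER-PEER-A extended permit icmp 10.20.0.0 255.255.255.0 192.168.1.0 255.255.255.0
! Anything not permitted above is dropped by the ACL's implicit deny.

! Custom group policy carrying the filter, leaving DfltGrpPolicy untouched.
group-policy GP-PEER-A internal
group-policy GP-PEER-A attributes
 vpn-filter value VPNFILTER-PEER-A

! Attach the policy to this one tunnel only. Other tunnels keep using
! DfltGrpPolicy and the global bypass (sysopt connection permit-vpn).
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-PEER-A

! Check what was applied:
!   show running-config group-policy GP-PEER-A
!   show access-list VPNFILTER-PEER-A
```

The filter is picked up when the tunnel is negotiated, so an already established tunnel has to be re-established before the new ACL applies to it.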
