07.08.2008 at 09:52AM PDT, ID: 23547372
How do I filter traffic across a site-to-site VPN via the interesting traffic ACL?

Asked by shinge in Cisco PIX Firewall, Virtual Private Networking (VPN), IPSec Security Protocol

Tags: Cisco, PIX, 6.3.5, Cisco, Pix, 515e

Hi Guys

Do you know if you can filter the traffic on a Cisco PIX site-to-site VPN via the interesting traffic ACL?

e.g. instead of

 access-list VPNAMM permit ip 10.1.0.0 255.255.255.0 10.65.10.0 255.255.255.0

which would permit all IP traffic

to something like this

 access-list VPNAMM permit tcp 10.1.0.0 255.255.255.0 10.65.10.0 255.255.255.0 eq 80
 access-list VPNAMM permit tcp 10.1.0.0 255.255.255.0 10.65.10.0 255.255.255.0 eq 443
 access-list VPNAMM permit tcp 10.1.0.0 255.255.255.0 10.65.10.0 255.255.255.0 eq 135
 access-list VPNAMM permit tcp 10.1.0.0 255.255.255.0 10.65.10.0 255.255.255.0 eq 139

which would only allow 80, 443, 135 and 139.

I have been trying so far but have not had any luck, so any advice would be helpful. The tunnel itself is coming up no problem; it just does not seem to pass the traffic when I use the more granular ACL.

I am using two PIX 515Es, both running 6.3.5 IOS.

Many thanks
Stuart

About this solution

Zones: Cisco PIX Firewall, Virtual Private Networking (VPN), IPSec Security Protocol
Tags: Cisco, PIX, 6.3.5, Cisco, Pix, 515e
Solution Provided By: Melaleuca
Participating Experts: 1
Solution Grade: A