PIX 506E as VPN endpoint only
Posted on 2004-08-18
I have a PIX 506E that I wish to use to connect a main office to a branch office. I have set up the VPN connection, but now I want to make sure that all non-local branch office traffic comes back to the main office. That is, I do not want systems on the branch office network to be able to access the internet via the PIX.
Since I cannot delete the implicit access rule that allows traffic to flow from the inside to outside interfaces, what is the easiest way to prevent traffic from going from the branch office network out to the internet?
My branch office is a 192.168.x.x network, so I was thinking that if I did not define any translation rules, there would be nothing to NAT/PAT traffic. Without NAT/PAT, my private addresses would not route on the internet routers.
However, I'm thinking there must be a more elegant way to prevent this traffic flow.
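As an added example (not from the post above), the explicit way to express this on PIX 6.x is an access-list bound to the inside interface that permits only tunnel-bound traffic: once an access-group is applied, the list's implicit deny replaces the security-level permit, so internet-bound packets are dropped by policy rather than by the absence of a nat/global pair. Assumed addressing, not from the post: branch LAN 192.168.1.0/24, main-office LAN 10.0.0.0/24, and the IPsec tunnel already configured.

```cisco
! Assumed subnets (adjust to the real ones): branch LAN 192.168.1.0/24 behind
! the "inside" interface, main-office LAN 10.0.0.0/24 reachable over IPsec.
!
! Tunnel traffic must keep its private addresses, so exempt it from NAT.
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list nonat
!
! Egress policy: only traffic destined for the main office may leave the
! branch LAN. The final deny is redundant with the list's implicit deny but
! makes the intent visible in "show access-list" hit counts.
access-list branch_egress permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list branch_egress deny ip any any
access-group branch_egress in interface inside
!
! Decrypted IPsec traffic from the main office bypasses the outside ACL.
sysopt connection permit-ipsec
!
! Deliberately no "nat (inside) 1" / "global (outside)" pair: even if the
! ACL were removed, there would be no translation for internet-bound flows.
```

Check the result with `show access-list branch_egress`: hits on the permit line should grow when branch hosts reach the main office, and hits on the deny line show attempted internet access being blocked.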