VPN client connecting to a PIX 501: want only certain ports open
Posted on 2005-03-04
Hi there, my question is quite simple. I'm using a PIX 501 to build a VPN tunnel with a remote host using the Cisco VPN client. There is a split tunnel configured to allow only traffic destined for the network behind the PIX to pass through the tunnel.
Everything is working fine on that configuration.
What I need to add to this is a way to let only traffic coming from an internal host (behind the PIX) connect to RDP port TCP 3389 on the VPN client computer.
I also need traffic from an internal host (behind the PIX) to access port TCP 445 on the VPN client computer.
I also need the VPN client to access a web page on TCP port 8080 on an internal host (behind the PIX).
I also need the VPN client to have access to TCP ports 15000, 9000, 10000 and 19000 on the internal host (behind the PIX), but the source port used to initiate the connection to those ports will be randomly generated by the computer connected through the VPN client.
Please note that only the host behind the PIX and the VPN client are allowed to speak with each other through the tunnel. This is working fine for now; I only need to add the port restriction to it.
Also, I want all of this to go through the VPN tunnel, and only those ports; all other traffic must be dropped.
Thanks a lot in advance.
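One way to express the port restrictions above as PIX 6.3 interface ACLs (the software a 501 runs; it has no per-tunnel vpn-filter). This is an added illustration, not configuration from the post, and the addresses (inside host 192.168.1.10, VPN client pool 10.10.10.0/24) and ACL names are placeholders:

```cisco
! Placeholders: 192.168.1.10 = internal host, 10.10.10.0/24 = VPN client address pool
! By default, decrypted IPsec traffic bypasses interface ACLs; turn that off
! so the tunnel traffic is checked against the lists below.
no sysopt connection permit-ipsec

! Traffic arriving from the VPN client (outside interface, after decryption).
! Only destination ports are matched, so the client's random source ports are fine.
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 8080
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 9000
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 10000
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 15000
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 19000
! Anything else from the client is dropped by the implicit deny at the end of the list.
access-group outside_in in interface outside

! Traffic initiated by the internal host toward the VPN client (RDP and SMB only).
! Return traffic for both directions is handled by the stateful connection table.
access-list inside_out permit tcp host 192.168.1.10 10.10.10.0 255.255.255.0 eq 3389
access-list inside_out permit tcp host 192.168.1.10 10.10.10.0 255.255.255.0 eq 445
access-group inside_out in interface inside
```

Note that applying inside_out on the inside interface also blocks every other inside-to-outside flow (ordinary Internet access), so add an explicit permit for that traffic above the implicit deny if it is still needed.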