Here is a quick to do it with access-list on proto ESP
access-l ACL_OUTSIDE allow esp access-group net_customer1 access-group
srv_httpserver
access-l ACL_OUTSIDE deny esp any any
Anthony
-----Original Message-----
From: Dennis Dimka [mailto:dennis.dimka@manna.com]
Sent: Tuesday, August 17, 2004 2:41 PM
To: 'Arek Slominski'; firewalls@securityfocus.com
Subject: RE: PIX - VPN with IPSec
Why not just use SSL (https) with HTTP security? VPN seems a bit of an
overkill if all the customers are doing is transmitting web (EDI) data.
I'm
of the opinion that this sort of customer interaction shouldn't require
such a major infrastructure change.
-----Original Message-----
From: Arek Slominski [mailto:aslom@paytel.pl]
Sent: Tuesday, August 17, 2004 7:53 AM
To: firewalls@securityfocus.com
Subject: PIX - VPN with IPSec
Hi Guys,
Our company plans to establish an IPSec VPN tunnel to one of our
customers.
Some resources should be shared for the customer and the easiest way is to
let secured access to the data via Internet. We prepared testing
environment with PIX515 and Linksys VPN router. The data are crypted fine
but there is no access control within the VPN channel.
We added PIX command "sysopt connection permit-ipsec" on PIX and it let's
all inbound traffic from Linksys router via IPSec tunnel, nothing even
acls!!! I do not want all inbound traffic welcome to my LAN behind PIX -
all
I need is for example access to one web server inside.
Pls, advise how to fix it.
Regards
Arek
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/
