site to site VPN CISCO PIX

Subject Author Date
site to site VPN CISCO PIX silviumed 05-01-2006
Posted by on May 1, 2006, 7:07 pm
Hello all,

I use a VPN site to site, PIX 515 to PIX 501. The access is 2 ways.
Could I configure a priority through tunnel? I want to permit the
access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.

I used
crypto map outside_map client configuration address initiate --for PIX 515
crypto map outside_map client configuration address respond --for PIX 501

But I have access in two ways!!!

Could I use a crypto command?
Thank you !
silviumed


Posted by Walter Roberson on May 2, 2006, 1:09 am
>I use a VPN site to site, PIX 515 to PIX 501. The access is 2 ways.
>Could I configure a priority through tunnel? I want to permit the
>access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.

As I answered to your posting in comp.dcom.sys.cisco, you can't do
that -- not unless you are prepared to forgo -all- responses
(e.g., not even allow a TCP SYN ACK to get through.)

If you just don't want to be able to initiate new connections from
the 501 to the 515, follow the guidelines of my other reply.
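
Why a blanket deny in one direction also stalls connections opened from the permitted side, while refusing only new connections does not, shown as a small Python model. This is an added example, not part of the thread and not PIX configuration; the addresses, ports and function names are constructed for the illustration.

```python
# Toy packet-filter model (added illustration, not PIX configuration); sample values are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport flags")
SITE_515 = "10.1.0.10"  # host behind the PIX 515 (constructed)
SITE_501 = "10.2.0.20"  # host behind the PIX 501 (constructed)

def stateless_deny_501_to_515(pkt):
    # Drops every packet travelling from the 501 side to the 515 side.
    return not (pkt.src == SITE_501 and pkt.dst == SITE_515)

class StatefulFilter:
    # Only the 515 side may open connections; replies are matched to state.
    def __init__(self):
        self.flows = set()  # (initiator, iport, responder, rport)
    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.flows or rev in self.flows:
            return True  # belongs to a connection already opened
        if pkt.flags == "SYN" and pkt.src == SITE_515:
            self.flows.add(fwd)  # new connection from the permitted side
            return True
        return False  # connection attempt from the 501 side, or a stray packet

def handshake(initiator, responder, sport, dport):
    return [Packet(initiator, responder, sport, dport, "SYN"),
            Packet(responder, initiator, dport, sport, "SYN-ACK"),
            Packet(initiator, responder, sport, dport, "ACK")]

def run(allow, packets):
    # Verdict per packet; stop at the first drop, where the handshake stalls.
    verdicts = []
    for p in packets:
        verdicts.append((p.flags, allow(p)))
        if not verdicts[-1][1]:
            break
    return verdicts

def demo():
    from_515 = handshake(SITE_515, SITE_501, 40000, 443)
    from_501 = handshake(SITE_501, SITE_515, 40001, 443)
    return {"stateless, 515 initiates": run(stateless_deny_501_to_515, from_515),
            "stateful, 515 initiates": run(StatefulFilter().allow, from_515),
            "stateful, 501 initiates": run(StatefulFilter().allow, from_501)}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```
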

Posted by Vikas on May 24, 2006, 7:39 am
Hello Silviumed,

Try removing the acl entry pointing towards PIX515 from 501 in nonat.

-Vikas

