[VPN] Complete VPN access to all PIX interfaces


Welcome to the Virus.Org Mailing List Archive

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [VPN] Complete VPN access to all PIX interfaces
From: [EMAIL PROTECTED]
Date: Thu, 24 Apr 2003 12:20:16 -0400
Sender: [EMAIL PROTECTED]

                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
 I have a PIX 6.2 with 6 interfaces and VPN client 3.0. I have configured   
 the firewall to permit a VPN connection using the following conf           
                                                                            
 access-list 100 permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.255.0      
 nat (dmz2) 0 access-list 100                                               
 sysopt connection permit-ipsec                                             
 crypto ipsec transform-set myset esp-3des esmp-md5-hamc                    
 crypto dynamic-map dynmap 30 set transform-set myset                       
 crypto map newmap 20 ipsec-isakmp dynamic dynmap                           
 crypto map newmap interface outside                                        
 * and the configuration of the vpngroup and isakmp                         
                                                                            
 The problem is that I only want the vpn client access my x.x.x.x network   
 in dmz2 but the VPN client can access all the computers in the internal,   
 dmz1, dmz3, etc (all the interfaces).                                      
                                                                            
                                                                            
 Thanks in advance.                                                         
                                                                            
                                                                            
                                                                            
                                                                            









_______________________________________
Jorge Mondaca
Gerencia Seguridad Corporativa
(591) 2-2313030 ext 2021
(591) 72029832


_______________________________________________
VPN mailing list
[EMAIL PROTECTED]
http://lists.shmoo.com/mailman/listinfo/vpn

Follow-Ups:
- Re: [VPN] Complete VPN access to all PIX interfaces
  - From: Scott Nursten
- RE: [VPN] Complete VPN access to all PIX interfaces
  - From: shannong

Prev by Date: Re: [VPN] Network Design for security.
Next by Date: [VPN] Connecting a Cisco VPN client to a Symantec/Raptor appliance
Previous by thread: [VPN] Exploit for PoPToP PPTP server (fwd)
Next by thread: Re: [VPN] Complete VPN access to all PIX interfaces
Index(es):
- Main
- Thread

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.