Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: [VPN] VPN on Cisco PIX
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: [VPN] VPN on Cisco PIX
  • From: "Dana J. Dawson" <[EMAIL PROTECTED]>
  • Date: Wed, 30 Apr 2003 12:09:39 -0500
  • Organization: Qwest Communications
  • References: <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
Actually, you can, but you have to remove the "sysopt connection permit-pptp" command that is usually used. In this case, you have to permit all the incoming traffic to the PIX with an access-list (or conduit, I suppose), including the PPTP traffic (GRE and TCP/1723). Since you're using an access-list to allow that traffic, you can also restrict the source, which is what you want. 

HTH

Dana

--

Dana J. Dawson                     [EMAIL PROTECTED]
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."

shannong wrote:

No.  VPDN cannot be restricted by IP on the Pix.  Instead, you'll need
to use an ACL on the router in front.  You can do real VPNs using IPSec
and specify the IPs that can have access by defining their pre-shared
keys for IKE.  All others will fail.

-Shannon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of silvia ghezzi
Sent: Tuesday, April 29, 2003 2:27 AM
To: [EMAIL PROTECTED]
Subject: [VPN] VPN on Cisco PIX

Hello,

I have enabled a PPTP VPN to my CISCO PIX, but I
cannot find the way to filer the public source IP
address to establish VPN with PIX, so at the moment
everybody can create a VPN with us and we don't want
this.

Is there a way to prevent this?

Many thanks
Regards

Silvia


_______________________________________________
VPN mailing list
[EMAIL PROTECTED]
http://lists.shmoo.com/mailman/listinfo/vpn
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.