site to site VPN CISCO PIX
| silviumed@gmail.com 2006-05-01, 7:12 pm |
| Hello all,
I use a VPN site to site, PIX 515 to PIX 501. The access is 2 ways.
Could I configure a priority through tunnel? I want to permit the
access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.
I used
crypto map outside_map client configuration address initiate --for PIX 515
crypto map outside_map client configuration address respond --for PIX 501
But I have access in two ways!!!
Could I use a crypto command?
Thank you!
silviumed
| |
| Walter Roberson 2006-05-02, 1:13 am |
| In article <1146524836.593604.149240@g10g2000cwb.googlegroups.com>,
<silviumed@gmail.com> wrote:
>I use a VPN site to site, PIX 515 to PIX 501. The access is 2 ways.
>Could I configure a priority through tunnel? I want to permit the
>access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.
As I answered to your posting in comp.dcom.sys.cisco, you can't do
that -- not unless you are prepared to forgo -all- responses
(e.g., not even allow a TCP SYN ACK to get through.)
If you just don't want to be able to initiate new connections from
the 501 to the 515, follow the guidelines of my other reply.
| |
|
| Hello Silviumed,
Try removing the ACL entry pointing towards PIX515 from 501 in nonat.
-Vikas