site to site VPN CISCO PIX
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > VPN > site to site VPN CISCO PIX




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    site to site VPN cisco PIX  
silviumed@gmail.com


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-02-06 12:12 AM

Hello all,

I use a VPN site to site, PIX 515 to PIX 501. The access is  2 ways.
Could I configure a priority through tunnel? I want to permit the
access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.

I used
crypto map outside_map client configuration address initiate --for PIX
515
crypto map outside_map client configuration address respond --for PIX
501

But I have access in two ways !!!

Could I use a command crypto ?
Thank you !
silviumed




[ Post a follow-up to this message ]



    Re: site to site VPN cisco PIX  
Walter Roberson


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-02-06 06:13 AM

In article <1146524836.593604.149240@g10g2000cwb.googlegroups.com>,
<silviumed@gmail.com> wrote:
>I use a VPN site to site, PIX 515 to PIX 501. The access is  2 ways.
>Could I configure a priority through tunnel? I want to permit the
>access only from PIX 515 to PIX 501 and deny from PIX 501 to 515.

As I answered to your posting in comp.dcom.sys.cisco, you can't do
that -- not unless you are prepared to forgo -all- responses
(e.g., not even allow a TCP SYN ACK get through.)

If you just don't want to be able initiate new connections from
the 501 to the 515, follow the guidelines of my other reply.




[ Post a follow-up to this message ]



    Re: site to site VPN cisco PIX  
Vikas


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-24-06 12:12 PM

Hello Siliviumed,

Try removing the acl entry pointing towards PIX515 from 501 in nonat.

-Vikas




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 10:01 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register