Applying ACLs for remote VPN Clients


mpots (Vendor), US, May 18, 2004
Once VPN clients are terminated on the outside interface, will the ACL on the outside interface be applied on unencrypted traffic? I need to deny VPN clients access to various services and IP hosts via ACLs. I can do this with AAA, but would like to implement ACLs on either the inside or outside interface.

Are there any documents that describe the order of operations on the PIX for VPN traffic (like outside ACL->VPN tunnel->...)?
 
No, you cannot do it with the interface access lists. Traffic from a tunnel is not checked against the ACL on the interface that it came through. And access lists cannot be applied to traffic leaving an interface.
 
I kinda thought so. So RADIUS authentication is the only way, it sounds.

Thanks
 