anerikkehvadderskals
IS-IT--Management
Hi,
I have made a vpn between a pix501 - FW1 and its working fine. However, i would like to limit what the users from FW1 can see. Today the have access to the entire net and all ports, I would like to limit them to one ip address, and perhaps also one port (http 80). How do I do that?
TIA
Lasse
The lines I'm using today:
access-list 115 permit ip 193.100.100.0 255.255.255.0 172.30.2.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map rtpmap 10 ipsec-isakmp
crypto map rtpmap 10 match address 115
crypto map rtpmap 10 set peer 130.x.x.12
crypto map rtpmap 10 set transform-set myset
crypto map rtpmap 10 set security-association lifetime seconds 3600 kilobytes 46
08000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address 130.x.x.12 netmask 255.255.255.240
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
I have made a vpn between a pix501 - FW1 and its working fine. However, i would like to limit what the users from FW1 can see. Today the have access to the entire net and all ports, I would like to limit them to one ip address, and perhaps also one port (http 80). How do I do that?
TIA
Lasse
The lines I'm using today:
access-list 115 permit ip 193.100.100.0 255.255.255.0 172.30.2.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map rtpmap 10 ipsec-isakmp
crypto map rtpmap 10 match address 115
crypto map rtpmap 10 set peer 130.x.x.12
crypto map rtpmap 10 set transform-set myset
crypto map rtpmap 10 set security-association lifetime seconds 3600 kilobytes 46
08000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address 130.x.x.12 netmask 255.255.255.240
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400