site to site VPN CISCO PIX

Hello all,

I use a site-to-site VPN, PIX 515 to PIX 501. The access is two-way. Could I configure a priority through the tunnel? I want to permit access only from PIX 515 to PIX 501 and deny it from PIX 501 to PIX 515.

I used:

crypto map outside_map client configuration address initiate --for PIX 515

crypto map outside_map client configuration address respond --for PIX 501

But I have access both ways!!!

Could I use a crypto command? Thank you!

silviumed


As I answered to your posting in comp.dcom.sys.cisco, you can't do that -- not unless you are prepared to forgo -all- responses (e.g., not even allow a TCP SYN ACK to get through).

If you just don't want to be able to initiate new connections from the 501 to the 515, follow the guidelines of my other reply.

Walter Roberson

Hello Silviumed,

Try removing the acl entry pointing towards PIX515 from 501 in nonat.

-Vikas

