Pix as Firewall Endpoint


I have a Pix501 running version 6.3. I need to configure it as a VPN endpoint. The internet connection is a DSL modem with a dynamic IP and I have the public IP passing through the DSL modem to the external interface of the Pix. However, how do I construct my ACLs so that established connections are allowed return traffic but the only other traffic is VPN traffic? Is there a "reflect packets" or "established" keyword on the Pix that will keep track of the state of outgoing connections when setting up the ACL for my inside interface out?

Thanks for any help.



Okay, so it appears that the stateful-ness is inherent. So what I need on the outside_in ACL is:

allow VPN stuff
deny any any

Thanks. I am very rusty since I haven't worked on these in five years!
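
The point reached in the thread (return traffic is matched against connection state, so the inbound ACL only has to list the VPN permits before the deny) can be sketched as a small model. This is an added example, not part of the original posts and not PIX code; the class and rule names are hypothetical, the addresses are constructed, NAT is left out, and "VPN stuff" is assumed to mean ISAKMP (UDP/500) and ESP.

```python
# Simplified model of stateful filtering (not PIX code; all addresses are constructed).
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str      # "tcp", "udp" or "esp"
    src: str
    sport: int      # 0 for protocols without ports
    dst: str
    dport: int

# Hypothetical outside_in ACL from the post: permit VPN, deny the rest.
# Assumption: "VPN stuff" means ISAKMP (UDP/500) and ESP.
OUTSIDE_IN = [
    ("permit", "udp", 500),
    ("permit", "esp", None),
    ("deny", None, None),       # explicit "deny any any"
]

class StatefulFirewall:
    def __init__(self, acl):
        self.acl = acl
        self.conns = set()      # connection table built from outbound traffic

    def outbound(self, pkt):
        """Inside-to-outside packet: allowed, and the flow is remembered."""
        self.conns.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "permit"

    def inbound(self, pkt):
        """Outside-to-inside packet: connection table first, then the ACL."""
        # A reply carries the original flow's endpoints swapped.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns:
            return "permit (existing connection)"
        for action, proto, dport in self.acl:
            if proto in (None, pkt.proto) and dport in (None, pkt.dport):
                return f"{action} (acl)"
        return "deny (implicit)"

def demo():
    fw = StatefulFirewall(OUTSIDE_IN)
    fw.outbound(Packet("tcp", "192.168.1.10", 40000, "198.51.100.7", 80))
    return [
        fw.inbound(Packet("tcp", "198.51.100.7", 80, "192.168.1.10", 40000)),  # reply
        fw.inbound(Packet("tcp", "203.0.113.9", 80, "192.168.1.10", 40000)),   # unsolicited
        fw.inbound(Packet("udp", "203.0.113.9", 500, "192.0.2.1", 500)),       # ISAKMP
        fw.inbound(Packet("esp", "203.0.113.9", 0, "192.0.2.1", 0)),           # ESP
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```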
