I have a Pix501 running version 6.3. I need to configure it as a VPN endpoint. The internet connection is a DSL modem with a dynamic IP, and I have the public IP passing through the DSL modem to the external interface of the Pix. However, how do I construct my ACLs so that established connections are allowed return traffic but the only other traffic is VPN traffic? Is there a "reflect packets" or "established" keyword on the Pix that will keep track of the state of outgoing connections when setting up the ACL for my inside interface out?
Thanks for any help.