Pix as Firewall Endpoint

- K
- KDawg44
  
  Contact options for registered users
posted
13 years ago

Sat, Aug 7, 2010 7:29 PM

Hi,

I have a Pix501 running version 6.3. I need to configure it as a VPN endpoint. The internet connection is a DSL modem with a dynamic IP and I have the public IP passing through the DSL modem to the external interface of the Pix. However, how do I construct my ACLs so that established connections are allowed return traffic but the only other traffic is VPN traffic? is there a "reflect packets" or "established" keyword on the pix that will keep track of the state of outgoing connections when setting up the ACL for my inside interface out?

Thanks for any help.

Kevin

Loading thread data ...

- K
- KDawg44
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Sat, Aug 7, 2010 7:34 PM

Okay, so it appears that the stateful-ness is inherent. So what I need is on the outside_in acl is:

allow VPN stuff deny any any

Thanks. I am very rusty since I haven't worked on these in five years!

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.