Sunday, May 24, 2009

firewall-wizards Digest, Vol 37, Issue 15

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Cisco PIX - "Allow inbound IPsec sessions to bypass
interface access lists" (Michael Tewner)


----------------------------------------------------------------------

Message: 1
Date: Sun, 24 May 2009 08:03:08 +0300
From: Michael Tewner <tewner@gmail.com>
Subject: Re: [fw-wiz] Cisco PIX - "Allow inbound IPsec sessions to
bypass interface access lists"
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<34337f660905232203g6558aebbn8cb371a7af600d98@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks Eric - That seems to be what I was missing.

By creating a new Group Policy, I can make this transition one tunnel at a
time, instead of creating all the rules I *THINK* I'll need, moving to
interface ACLs, and praying for the best....

Thank you Paul and Farrukh for your informative answers!


-Mike


On Sat, May 16, 2009 at 10:37 PM, Eric Gearhart <eric@nixwizard.net> wrote:

> Sorry I accidentally sent that last email prematurely... anyway under
> "Default Group Policy" if you click manage there should be a
> "DfltGrpPolicy." You can create your own custom Group Policy for this
> tunnel, and specify a filter for this group policy. The filter you
> select is just an extended access list, and your "source" is the
> remote network from your VPN peer, "destination" is your local
> networks on your local ASA.
>
> Here's the obligatory Cisco link that explains all this:
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
>
> --
> Eric
> http://nixwizard.net

------------------------------
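
The per-tunnel filter Eric describes, written out as ASA CLI. This is an added example, not part of the original thread or of the linked Cisco document; the peer address 203.0.113.10, the networks 10.20.0.0/24 (remote) and 10.10.0.0/24 (local), the host 10.10.0.25 and all object names are constructed placeholders.

```cisco
! Constructed example values; substitute your own peer, networks and names.
!
! Filter ACL for this one tunnel. In a vpn-filter ACL the "source" is
! always the REMOTE network behind the VPN peer and the "destination" is
! the LOCAL network behind this ASA, whichever side opens the connection.
access-list L2L-PEER1-FILTER extended permit tcp 10.20.0.0 255.255.255.0 host 10.10.0.25 eq 443
! Explicit logged deny, so traffic the filter drops shows up in syslog
! while this tunnel is being moved over.
access-list L2L-PEER1-FILTER extended deny ip any any log
!
! Custom group policy that carries the filter, instead of editing DfltGrpPolicy.
group-policy GP-L2L-PEER1 internal
group-policy GP-L2L-PEER1 attributes
 vpn-filter value L2L-PEER1-FILTER
!
! Bind only this peer's tunnel group to the new policy; every other tunnel
! stays on the default group policy and is unaffected.
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-L2L-PEER1
```

The filter is applied when the tunnel is negotiated, so an already-established tunnel has to be re-established before the new policy takes effect.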



End of firewall-wizards Digest, Vol 37, Issue 15
************************************************
