In the crypto-map portion of the PIX configuration, it will reference an
access-list. That access-list defines what is "interesting" traffic (i.e.
traffic to encrypt and send through the tunnel). All you need to do is lock
that access-list down to the hosts that you want to have access to the
tunnel. That way, when those particular hosts want to access the
tunnel....their traffic is "interesting" to the PIX, and thus gets encrypted
and sent on its way. All other host traffic will not be interesting and
won't get encrypted, nor sent through the tunnel.
HTH,
Aaron
----- Original Message -----
From: "husszalavadia" <husszalavadia
gmail.com>
To: <PIX_Firewallyahoogroups.com>;
Sent: Friday, June 23, 2006 10:11 PM
Subject: [PIX_Firewall] vpn access-list
> This might be a simple access-list question but I'm not seeing it
> logically: I need to limit access to hosts on a dmz where we terminate
> a vpn. The hosts are in the same dmz we terminate the vpn. Could I
> use a access list to block which hosts are accessiable by the vpn?
> only allow this vpn connection to go through this resources?
>
>;
>
>
>
>
>
>
>
>
> Yahoo! Groups Links
>;
>
>
>
>
>
>
>
> __________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> __________________________________________________________
>