First some background for my question:
I have recently set up a VPN tunnel between a Cisco PIX 506E (VPN server) and remote clients. The remote clients use Cisco VPN Client software version 4.8. Everything seems to work fine. But as it is configured right now, the remote clients have full access to the private network (they can log on to servers and so on). I want the remote clients to have access only to a specific application. Only one type of traffic is supposed to flow from the VPN server to the clients (for security reasons).
On the Cisco PIX there's also a site-to-site VPN tunnel set up. I have understood that the command sysopt connection permit-ipsec permits IPSec traffic to pass through the PIX firewall without a check of access-list command statements. I guess this site-to-site tunnel needs this command.
So finally, the question:
Is it possible to just permit one type of traffic (protocol) to flow between the VPN server and the remote Cisco clients?
November 15, 2006 5:28 AM
May 17, 2011 7:57 AM