If you have a PIX with a site-to-site VPN configured, you may want to allow all the internal hosts to utilize the VPN but only certain hosts to get to the Internet. In that case, allow traffic to your internal subnet in your access list, then allow the IP's that are permitted Internet access.
access-list 1 permit ip any 192.168.0.0 255.255.0.0 <--- This allows traffic to the internal VPN
access-list 1 permit ip host 192.168.2.2 any <----This allows a specific IP Internet access
access-list 1 permit ip host 192.168.2.3 any
access-list 1 permit ip host 192.168.2.4 any
access-group 1 in interface inside
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment