RE: VPN Access list

Hi all, please help. I have this configuration on the PIX 515e firewall. Yes, the guy can connect via VPN to the LAN. My intention was to only allow him access to, I now realised that he can gain access to every machine on the network.
Could you please advise on what command to apply to prevent him from any other machine on the network.

vpngroup sbs dns-server
vpngroup sbs idle-time 1800
vpngroup sbs default-domain

access-list 40 permit ip host

Thanks for your support.
  1. You need a deny all command or something along that line after the permit line. Been a while since I messed with an ACL.

    The permit line will allow him access to that one specific ip address. The deny all command will reject all other ips.

    Make sure the deny all is after the permit or he won't get to anything.
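
The ordering point in the answer above, as an added example that is not part of the original posts: a small first-match evaluator for access-list entries, run against both orderings of a permit line and a deny-all line. The addresses are constructed, the parser accepts only a simplified `permit|deny ip <src> <dst>` form with `any` or `host <addr>` on each side, and treating the VPN client as the source is an assumption. Cisco access lists end in an implicit deny, which the final `return` models.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny ip <src> <dst>'; each side is 'any' or 'host <addr>'."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    sides = []
    while rest:
        if rest[0] == "any":
            sides.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host" and len(rest) > 1:
            sides.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported entry: {line!r}")
    if len(sides) != 2:
        raise ValueError(f"expected source and destination: {line!r}")
    return action, sides[0], sides[1]

def evaluate(acl, src, dst):
    """Return (action, matching line number); the first matching entry wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, line in enumerate(acl, start=1):
        action, src_net, dst_net = parse_entry(line)
        if src in src_net and dst in dst_net:
            return action, number
    return "deny", None  # nothing matched: implicit deny at the end of the list

# Constructed sample addresses (not from the thread).
CLIENT, SERVER, OTHER = "192.168.50.10", "10.0.0.5", "10.0.0.20"
PERMIT_FIRST = [f"permit ip host {CLIENT} host {SERVER}", "deny ip any any"]
DENY_FIRST = list(reversed(PERMIT_FIRST))

if __name__ == "__main__":
    for name, acl in (("permit first", PERMIT_FIRST), ("deny first", DENY_FIRST)):
        for dst in (SERVER, OTHER):
            print(name, CLIENT, "->", dst, evaluate(acl, CLIENT, dst))
```

With the deny entry first, every packet matches line 1 and the permit line is never reached.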