RE: VPN Access list

[gbollyd]

Hi all please help, I have this configure on the PIX 515e firewall, yes the guy can connect via vpn to LAN, my intention was to only allow him access to 98.0.0.6, I now realised that he can gain access to every machine on the network.
Could you please advice on what command to apply to prevent him from any other machine on the network.


vpngroup sbs dns-server 98.98.1.1
vpngroup sbs idle-time 1800
vpngroup sbs default-domain Bridisco.co.uk

access-list 40 permit ip host 98.0.0.6 98.98.107.0 255.255.255.0


Thanks for your support.

 

[sturm]

You need a deny all command or something along that line after the permit line.. Been awhile since I messed with an ACL.

The permit line will allow him access to that one specific ip address. The deny all command will reject all other ips.

Make sure the deny all is after the permit or he wont get to anything.