Quick version:
1. I don't want VPN access open to the entire world. Is there a way to limit
its access with ACLs?
2. A follow-up question: can I restrict access to VPN clients based on their
hostnames instead of IPs?



I have a Cisco PIX 515E with 7.2(1) software up and running. I'm very new to
VPN in general, but remote access VPN is working.

I tried using IPSec over TCP (which works), but even if I have a "deny ip any
any" rule for the outside interface, TCP connections are still permitted to the
VPN port 10000 (wow!). How can I deny them? I feel strange having the VPN so
exposed to port scanning.

I did find the "set peer" option:
> crypto dynamic-map dyn1 1 set peer 1.2.3.4


which would only allow VPN clients having IP 1.2.3.4 to log in, but the problem
is they still receive a login prompt. Is there a way to hide the VPN entirely
(like just dropping the pkts for unknown clients)?

kind regards,
Vahid


=============================================
"Make it better before you make it faster."
=============================================

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards