No Sysop connection permit IPSEC

From: Perrymon, Josh L. (PerrymonJ@bek.com)
Date: Thu Feb 06 2003 - 13:59:35 GMT-3

• Next message: Young Brown: "Lab Date / Swap / San Jose"
• Previous message: Sam.MicroGate@usa.telekom.de: "RE: 3550 port security w/o L2 or L3 access-list"
• Next in thread: Brent Schultz: "Re: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "Re: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "RE: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "RE: No Sysop connection permit IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Question,

The command " Sysop Connection Permit IPSEC"
allows all IPSEC traffic to come inbound the firewall and bypass ACL's .
It relies on the crypto map to verify encryption domains.

I would like to remove the sysop connection permit IPSEC so I can control
access to ports on certain servers.

I now it will work- BUT, is anyone else doing this... And what has your
experience been with this.
I know that the crypto maps know to allow IPSEC ports but then I have to
allow IP traffic.

Any Ideas.. Or thoughts...

Joshua Perrymon
Network Security Consultant
BE&K Information Security Dept.
2000 International Park Drive
Birmingham, Al 35243
Voice ( 205 ) 972-6745
.

• Next message: Young Brown: "Lab Date / Swap / San Jose"
• Previous message: Sam.MicroGate@usa.telekom.de: "RE: 3550 port security w/o L2 or L3 access-list"
• Next in thread: Brent Schultz: "Re: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "Re: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "RE: No Sysop connection permit IPSEC"
• Maybe reply: Brent Schultz: "RE: No Sysop connection permit IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:12 GMT-3