Re: No Sysop connection permit IPSEC

From: Brent Schultz (brent@mail.happens.com)
Date: Thu Feb 06 2003 - 15:20:16 GMT-3


Josh-

I am successfully doing this on several installs (mainly PIX to checkpoint, but I do have a couple of PIX to PIX).
I have not had any real issues (other than changing how I was thinking about/approaching the configs).
If you would like to look at a working config or have any specific questions, I would be happy to help.

-Brent

---------- Original Message ----------------------------------
From: "Perrymon, Josh L." <PerrymonJ@bek.com>
Reply-To: "Perrymon, Josh L." <PerrymonJ@bek.com>
Date: Thu, 6 Feb 2003 10:59:35 -0600

>Question,
>
>The command "Sysop Connection Permit IPSEC"
>allows all IPSEC traffic to come inbound the firewall and bypass ACLs.
>It relies on the crypto map to verify encryption domains.
>
>I would like to remove the sysop connection permit IPSEC so I can control
>access to ports on certain servers.
>
>I know it will work- BUT, is anyone else doing this... And what has your
>experience been with this.
>I know that the crypto maps know to allow IPSEC ports but then I have to
>allow IP traffic.
>
>
>Any Ideas.. Or thoughts...
>
>Joshua Perrymon
>Network Security Consultant
>BE&K Information Security Dept.
>2000 International Park Drive
>Birmingham, Al 35243
>Voice ( 205 ) 972-6745