Home > Ask the Security Experts > Network Security Questions & Answers > How to restrict traffic between the VPN server and remote Cisco clients
Ask The Security Expert: Questions & Answers
EMAIL THIS

How to restrict traffic between the VPN server and remote Cisco clients

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 25 November 2006
I have recently set up a VPN tunnel between a Cisco PIX 506E (VPN server) and remote clients. Right now, the remote clients have full access to the private network, but I want them to only have access to a specific application. On the Cisco PIX there's also a site-to-site VPN tunnel setup. From what I understand, the command "sysopt connection permit-ipsec," permits IPsec traffic to pass through the PIX firewall without a check of access list command statements. Is it possible to just permit one type of traffic (protocol) to flow between the VPN server and the remote Cisco clients?

>
EXPERT RESPONSE
You've actually identified your issue in your question. You have the "sysopt connection permit-ipsec" command in your configuration. This automatically allows VPN traffic into the internal network without filtering. If you want to apply specific port filters to the tunnel, disable the command and apply an access control list to the appropriate PIX interface. Granted, it's not the easiest thing to configure on a PIX, but it's technically possible.

More information:

  • Find out the costs of maintaining a VPN.
  • Learn how L2TP and PPTP differ from IPsec


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?
    What are the security risks of opening all the ports on an internal router?
    Will Cisco's plan to open access to the IOS improve network security?
    Will VoIP attacks result in more than just spam?
    Should enterprises implement a mandatory iPhone VPN?

    Remote Access Management
    How to configure NAP for Windows Server 2008
    Information security book excerpts and reviews
    Partner access: Balancing security and availability
    Cisco injects role-based access control into the network
    What are the dangers of Web-based remote access systems?
    NAC switches, appliances help track users, malware
    Is it safe to use remote access tools to grant system access?
    Microsoft NAP-TNC compatibility won't speed adoption, users say
    Inviting Risk
    Secure Remote Access

    IPSec
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What ports should be opened and closed when IPsec filters are implemented?
    DMVPN configuration: Is an additional firewall needed between the router and the Internet?
    How should the ipseccmd.exe tool be used in Windows Vista?
    Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network?
    IPsec tunneling: Exploring the security risks
    Should an IT staff be concerned with a network's physical security?
    How expensive are IPsec VPN setup costs?
    Do split-tunneling features make a VPN vulnerable?
    Will securing a wireless LAN make the data link layer vulnerable?
    IPSec Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    authentication  (SearchSecurity.com)
    RADIUS  (SearchSecurity.com)
    remote access  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts