You can create an access-list to specify the traffic you want filtered, then
apply that ACL to the crypto map.

For instance:

ip access-list ext VPN-FILTER
 deny tcp any any eq 23
 deny tcp any any eq 80
 permit ip any any

crypto map VPN 10 ipsec-isakmp
 set ip access-group VPN-FILTER in

Mark

On Wed, Jun 29, 2011 at 8:43 AM, Kash iqbal <[email protected]> wrote:

>  Hi Experts ,
>
> A quick question
>
> in IPSec Crypto map where you put ACL to allow trarfic to go inside the
> tunnel , Is there any other place where we can put security on Traffic that
> is coming thrugh VPN
>
> Let me explain.
>
> Match acl says
> Permit IP 1.1.1.0  to  2.2.20
>
> However i want to block Telent and port 80 on this VPN tunnel how i can
> accomplish this.
>
>
> Regards
> KAshif
>
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to