Jähne, Marcel schrieb:
> Hello list,
> 
>  
> 
> is there a possibility to restrict the IPSec-Traffic with firewallrules ?
> 
> I`ve a IPSec connection between two points and a firewallrule created that
> 
> the "other" side shall only reach Port 80 in our Network. But it can reach
> all
> 
> Ports on all machines !? Nevermind the rules.
> 
> Can you help ?

Yes.
You can only restrict the traffic on the sourceside (beginning of the 
tunnel).
e.g
1. Rule: allow all TCP LanNet to port 80 TCP remote Net (through the tunnel)
2. Rule: deny all LanNet to all remote Net.

Rules at the end of a tunnel have no effect.

bye
Christoph



> 
>  
> 
>  
> 
> Greets
> 
> Marcel
> 
>