From: Lab Candidate (labccie@xxxxxxxxx)
Date: Tue Mar 05 2002 - 01:58:15 GMT-3
IPSec inbound traffic is processed against the crypto map entries, if an unprot
ected packet
matches a permit entry in a particular access list associated with an IPSec cry
pto map entry, that
packet is dropped.
But on a second thought, the ACL is defined for outgoing traffic only, checking
inbound traffic
against it is backwards. My question is does the IOS software reverse the ACL o
rder while checking
on incoming traffic like it was going outbound? I don't believe that you need t
o define separate
lines in ACL for incoming traffic, only the lines pertaining to outbound traffi
c are used for
checkup. Please confirm my understanding. TIA...
---
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:53 GMT-3