RE: IPSec ACL and

From: Erhan Kurt (kurt@xxxxxxxxxxxxxxx)
Date: Mon Jun 17 2002 - 07:51:20 GMT-3

• Next message: Denise Donohue: "Re: Dlsw backup peer"
• Previous message: David Ham: "Re: NLSP , RIP and route filtering help....SOlved"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Now, we're badly confused :))

I decided to make my ACL (-in crypto) with both, tunnel and local segments
in terms of source and destination.. it works, but I do not know that it is
really the solution WANTED as another big subject of some other e-mails?

Good Luck to All... We really need this..

Erhan

-----Original Message-----
From: elping [mailto:elpingu@acedsl.com]
Sent: 17 Haziran 2002 Pazartesi 06:47
To: Erhan Kurt
Cc: ccielab@groupstudy.com
Subject: Re: IPSec ACL

if you make a gre tunnel ...then apply the ACL on the tunnel tunnel0 ip
access-group 1 out ! ! access-list 1 permit x.x.x. x.x.x.x

Erhan Kurt wrote:

> Hi All,
>
> ---e0--R1--tun0------tun0--R2--e0---
>
> Have also a GRE tunnel between R1 & R2. Wanna make a secure connection
> between local ethernet segments via GRE tunnel with IPSec.
>
> What segments will you use in your ACL in Ipsec? Ethernet or tunnel
> addresses? Or both? I confused a little bit about it, because
> somewhere also confused :)
>
> TIA,
>
> Erhan Kurt
> Team Leader
> Network Services
> SUPERONLINE
> http://www.superonline.net
> mailto:kurt@superonline.net
> Tel: +90 212 310 0135
> Fax: +90 212 310 0001
>
> **********************************************************************
> *****
> Bu e-posta mesaji ve ekleri sadece gonderildigi kisi veya kuruma ozeldir.
> Eger dogru kisiye ulasmadigini dusunuyorsaniz, bu mesajin gizlenmesi,
> yonlendirilmesi, kopyalanmasi veya herhangi bir sekilde kullanilmasi
> yasaktir.
> Mesaj iceriginde bulunan fikir ve yorumlar, Superonline'a degil sadece
> gondericiye aittir.
> Bu mesaj bilinen tum viruslere karsi test edilmistir.
>
> **********************************************************************
> *****
> This e-mail and any files transmitted with it are confidential and
intended
> solely for the use of the individual or entity to whom they are addressed.
> If you are not the intended recipient you are hereby notified that any
> dissemination, forwarding, copying or use of any of the information is
> prohibited.
> The opinions expressed in this message belong to sender alone. There is no
> implied endorsement by SUPERONLINE.
> This e-mail has been scanned for all known computer viruses.
>
***************************************************************************

• Next message: Denise Donohue: "Re: Dlsw backup peer"
• Previous message: David Ham: "Re: NLSP , RIP and route filtering help....SOlved"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:34 GMT-3