RE: IPSec confusion

From: Rodia Rascall (polarccie@yahoo.co.uk)
Date: Wed Apr 23 2003 - 01:28:41 GMT-3


This is from CCO...

---
However, when using IPsec with GRE, the access list
for encrypting traffic does not list the desired end
network and applications, but instead it refers to
permit the source and destination of the GRE tunnel on
the outbound direction. Without further ACL on the
tunnel interface, this configuration will allow for
all packets forwarded to the GRE tunnel to get
encrypted.
---
so if you have 
int tunnel 0 
tunnel source 192.168.100.1
tunnel destination 192.168.101.1
....

you should have

ip access-list extended vpn-static1
 permit gre host 192.168.100.1 host 192.168.101.1

see also...
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b8.shtml
http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns142/networking_solutions_white_paper09186a0080117919.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f85.shtml

and there is this example.... http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

--- Hunt Lee <huntl@webcentral.com.au> wrote:
> Sorry, I still don't understand.
>
> Can you please explain a bit more?
>
> -----Original Message-----
> From: Rodia Rascall [mailto:polarccie@yahoo.co.uk]
> Sent: Wednesday, 23 April 2003 7:21 AM
> To: lg01@myway.com
> Cc: ccielab@groupstudy.com
> Subject: Re:IPSec confusion
>
>
> that depends
> whether you route the traffic between 192.168.6.0 and
> 192.168.13.0 via tunnel or the routing protocol
> already running...
> if you choose the tunnel you should permit gre,
> otherwise permitting ip will suffice...
>
> Best Regards...

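Added example (not part of the original post or of Cisco's documentation): a small Python check that every GRE tunnel in an IOS configuration has its source/destination pair matched by a crypto ACL, so tunnelled traffic cannot leave unencrypted because the ACL lists the end networks instead. The crypto map name VPN and the sample configuration are constructed; the check assumes tunnel sources given as IP addresses and host-to-host "permit gre" entries only.

```python
import re

# Constructed sample IOS configuration. Only the tunnel endpoints and the ACL
# name vpn-static1 come from the post; the crypto map name VPN is an assumption.
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source 192.168.100.1
 tunnel destination 192.168.101.1
!
crypto map VPN 10 ipsec-isakmp
 set peer 192.168.101.1
 match address vpn-static1
!
ip access-list extended vpn-static1
 permit gre host 192.168.100.1 host 192.168.101.1
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_gre_crypto_acls(config):
    """Return one finding per tunnel whose GRE endpoints no crypto ACL matches."""
    sections = parse_sections(config)
    # ACL names referenced by "match address" inside any crypto map entry.
    crypto_acls = {l.split()[-1] for h, b in sections.items()
                   if h.startswith("crypto map ")
                   for l in b if l.startswith("match address ")}
    covered, findings = set(), []
    for header, body in sections.items():
        m = re.match(r"ip access-list extended (\S+)$", header)
        if m and m.group(1) in crypto_acls:
            covered.update(re.findall(r"^permit gre host (\S+) host (\S+)",
                                      "\n".join(body), re.M))
    for header, body in sections.items():
        if header.lower().startswith("interface tunnel"):
            src, dst = (next((l.split()[-1] for l in body
                              if l.startswith(f"tunnel {k} ")), None)
                        for k in ("source", "destination"))
            if (src, dst) not in covered:
                findings.append(f"{header}: GRE {src} -> {dst} not matched by any crypto ACL")
    return findings
```
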



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:02 GMT-3