RE: Site-to-Site VPN - ACL question

From: Steven A Ridder (saridder@hotmail.com)
Date: Wed Dec 10 2003 - 16:02:42 GMT-3


Correct. If I remember correctly, the ACLs act first, then decryption.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vazman@aol.com
Sent: Tuesday, December 09, 2003 4:44 PM
To: ccielab@groupstudy.com
Subject: Site-to-Site VPN - ACL question

Hello,

I have a question.

10.100.10.0/24--Router1--INTERNET--Router2--10.100.20.0/24

We have a site-to-site VPN over the Internet between two Cisco routers
and are using private addressing on the Ethernet. An inbound ACL is
applied on the serial interface of both routers. On R1, do we need to
permit the Ethernet segment of R2?
I was almost positive that we don't have to, as I would imagine that all
traffic between the two LANs goes through the VPN tunnel.

Thanks


