From: Nguyen Hoang Long (ng-hlong@hn.vnn.vn)
Date: Thu Mar 18 2004 - 03:35:31 GMT-3
Yes for Router, check the order of operation:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml#topic1
For PIX fw, that's not true by default: the ACL bypass function for traffic
coming from the IPSec tunnel is automatically turned on (default).
Vietnam CCNA/CCNP/CCIE Bootcamp
www.vn-experts.net.vn
www.vnexperts.net
----- Original Message -----
From: "Richard Dumoulin" <richard.dumoulin@vanco.es>
To: <ccielab@groupstudy.com>
Sent: Wednesday, March 17, 2004 9:13 PM
Subject: Security
> Hi all,
>
> I have a question about security. Suppose we have a Hub router that is
> receiving dynamic IPSec tunnels from several remote routers. I thought that
> only allowing isakmp, esp and ahp in an acl would suffice to secure the
> router but I have noticed that first the acl is checked and then the
> encryption is done. Does this mean that an acl statement should be done for
> every user application inside the tunnels ?
>
> Thx
>
> --Richard
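The hub-router case discussed in this thread, as an added configuration example that is not part of either message. It assumes an IOS release of the thread's era in which the inbound interface ACL is evaluated on the encrypted packet and again on the decrypted packet. All addresses, the ACL number and the interface name are constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   192.0.2.1    hub router outside address
!   10.0.0.0/16  hub LAN
!   10.1.0.0/16  remote-site LANs behind the dynamic peers
!
! --- IOS hub router: inbound ACL on the tunnel-terminating interface ---
access-list 101 remark IPSec control and transport; peers are dynamic, so source is any
access-list 101 permit udp any host 192.0.2.1 eq isakmp
access-list 101 permit esp any host 192.0.2.1
access-list 101 permit ahp any host 192.0.2.1
access-list 101 remark Decrypted tunnel traffic is matched against this same ACL
access-list 101 permit tcp 10.1.0.0 0.0.255.255 10.0.0.0 0.0.255.255 eq 22
access-list 101 permit icmp 10.1.0.0 0.0.255.255 10.0.0.0 0.0.255.255 echo
access-list 101 remark Log everything else so blocked tunnel applications are visible
access-list 101 deny ip any any log
!
interface Serial0/0
 ip access-group 101 in
!
! --- PIX firewall: the command that controls the ACL bypass for IPSec traffic ---
! With this command present, traffic arriving through a tunnel is not checked
! against the interface access lists:
sysopt connection permit-ipsec
!
! To filter tunnel traffic with the interface ACLs instead, remove it and
! permit the required applications explicitly:
! no sysopt connection permit-ipsec
```

With only the first three permit lines, the tunnels establish but the decrypted application traffic hits the final deny, which is the behaviour the question describes. Keep the inner-traffic entries as narrow as the applications require, since they are the only filter on what remote sites can reach.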
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:33 GMT-3