ACL for IPSec Question

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Mon Nov 20 2006 - 05:33:52 ART


If I have an L2L IPSec tunnel between a VPN Concentrator and a router (with
the router ip address being behind a PIX doing static identity NAT), what
are the ACL entries I would need on the PIX Outside interface?

Again, the static translation on the PIX is similar to the following:

static (inside,outside) 100.100.100.1 100.100.100.1

Since there is no NAT going on, I believe the following is correct:

access-list OUTSIDE permit udp host VPNC host ROUTER eq 500
access-list OUTSIDE permit esp host VPNC host ROUTER

Does the VPNC also require a source "eq 500" statement? Would I need
anything else?

Thanks,

Ed
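Editor's added example, not part of Ed's post or of any Cisco documentation: a small evaluator for the PIX 6.x extended-ACL subset used above (`permit|deny PROTO host A [eq P] host B [eq P]`, with `any` also accepted; subnet masks are not handled) that classifies the inbound flows a site-to-site IPsec peer generates. The addresses are constructed placeholders (VPNC is a TEST-NET-1 address, ROUTER is the identity-NATted address from the `static` line), and the flow list, the `classify` helper and the ACL variants are assumptions made for the illustration. It evaluates the two-line ACL as posted and the same ACL with the source port pinned to 500, so the effect of the "source eq 500" question can be seen directly: pinning the source port still admits standard IKE on 500/500 but drops an initiator that sends from a non-500 source port. It also shows that neither variant admits UDP 4500, which only matters if NAT-T is negotiated; with a static identity translation the address on the wire is unchanged, so the peers should not detect a NAT.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed addresses (assumptions for this example, not a real deployment).
VPNC = "192.0.2.10"          # stand-in for the VPN concentrator's address
ROUTER = "100.100.100.1"     # the identity-NATted router address from the post

PROTO_NUM = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}
PORT_NAME = {"isakmp": 500}  # PIX accepts the keyword or the number


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols without ports (ESP, AH)
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: Optional[int]   # None means "ip" (any protocol)
    src: str               # "any" or a single host address
    sport: Optional[int]   # None means any source port
    dst: str
    dport: Optional[int]


def parse_ace(line: str) -> Ace:
    """Parse: access-list NAME permit|deny PROTO (any|host A) [eq P] (any|host B) [eq P]"""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACE: {line}")
    pos = 4

    def addr() -> str:
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return "any"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError(f"unsupported address form {tok[pos]!r} (masks not handled)")

    def port() -> Optional[int]:
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            pos += 2
            name = tok[pos - 1]
            if name.isdigit():
                return int(name)
            if name in PORT_NAME:
                return PORT_NAME[name]
            raise ValueError(f"unknown port keyword {name!r}")
        return None

    src = addr()
    sport = port()
    dst = addr()
    dport = port()
    return Ace(tok[2], PROTO_NUM[tok[3]], src, sport, dst, dport)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """A field set to None/"any" in the ACE matches anything."""
    return (
        (ace.proto is None or ace.proto == pkt.proto)
        and (ace.src == "any" or ace.src == pkt.src)
        and (ace.dst == "any" or ace.dst == pkt.dst)
        and (ace.sport is None or ace.sport == pkt.sport)
        and (ace.dport is None or ace.dport == pkt.dport)
    )


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching ACE wins; no match is the implicit deny at the end of the list."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


# Inbound flows (concentrator -> router) the outside ACL must classify. Constructed.
FLOWS: Dict[str, Packet] = {
    "ike_500_to_500": Packet(17, VPNC, ROUTER, 500, 500),          # normal IKEv1
    "ike_ephemeral_to_500": Packet(17, VPNC, ROUTER, 50123, 500),  # non-500 source port
    "esp": Packet(50, VPNC, ROUTER),                               # tunnel data traffic
    "nat_t_4500": Packet(17, VPNC, ROUTER, 4500, 4500),            # only if NAT-T is negotiated
    "ike_from_other_host": Packet(17, "198.51.100.7", ROUTER, 500, 500),
}


def classify(acl_lines: List[str]) -> Dict[str, str]:
    acl = [parse_ace(line) for line in acl_lines]
    return {name: evaluate(acl, pkt) for name, pkt in FLOWS.items()}


# The two-line ACL from the post, placeholders substituted.
ACL_POSTED = [
    f"access-list OUTSIDE permit udp host {VPNC} host {ROUTER} eq 500",
    f"access-list OUTSIDE permit esp host {VPNC} host {ROUTER}",
]
# Same ACL with the source port also pinned to 500 (the variant the post asks about).
ACL_SOURCE_PORT = [
    f"access-list OUTSIDE permit udp host {VPNC} eq 500 host {ROUTER} eq 500",
    f"access-list OUTSIDE permit esp host {VPNC} host {ROUTER}",
]

if __name__ == "__main__":
    for label, acl in (("as posted", ACL_POSTED), ("source port pinned", ACL_SOURCE_PORT)):
        print(label)
        for flow, verdict in classify(acl).items():
            print(f"  {flow:24s} {verdict}")
```

Run it as a script to see both tables side by side. Only the inbound direction is modelled here: on a PIX the router's own outbound IKE and ESP toward the concentrator go from a higher- to a lower-security interface and are not subject to the outside ACL, and the model does not cover masks, object groups or the stateful UDP handling the firewall applies to return traffic.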



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART