IPSec router to router ACL bypass

From: Hunt, Richard (LDN-GIS) (Richard.Hunt@interpublic.com)
Date: Thu Apr 03 2008 - 06:12:25 ART


Hi All,

I have two routers connected together with an IPSec tunnel. I want to
have an ACL on the 'outside' (internet facing) interfaces (obviously).
However I don't want my tunnelled traffic to be subject to the ACL.

Previously I achieved this by running a GRE over the IPSec tunnel but I
want to avoid all of the MTU MSS issues by going to a pure IPSec tunnel
only.

When running different IOS images I have discovered that the firewall
version seems to work by bypassing the interface ACL for encrypted
traffic whilst the IPSec only version means that I hit the external ACL
for my encrypted traffic.

Can anyone shed any light on how to bypass an interface ACL when your
IPSec connection terminates on that interface?

It's bugging me, you see.

Richard
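As an added example that is not part of Richard's post: an IOS extended ACL for the outside interface that admits only the tunnel peer's IKE and ESP traffic, so nothing else reaches the router from the Internet. Addresses, ACL name and interface name are placeholders. Whether the decrypted inner packets are then re-checked against this same inbound ACL depends on the IOS image, as the post observes.

```cisco
! Added example, not from the original post. Placeholder addresses:
!   198.51.100.1 = this router's outside interface
!   203.0.113.2  = the IPSec peer's outside interface
ip access-list extended OUTSIDE-IN
 remark IKE / ISAKMP (UDP 500) and NAT-T (UDP 4500) from the peer only
 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.2 host 198.51.100.1 eq non500-isakmp
 remark ESP (IP protocol 50) carrying the tunnelled data from the peer only
 permit esp host 203.0.113.2 host 198.51.100.1
 remark everything else from the Internet is dropped and logged
 deny ip any any log
!
interface FastEthernet0/0
 description outside (Internet facing)
 ip access-group OUTSIDE-IN in
 crypto map VPN-MAP
```

`show ip access-lists OUTSIDE-IN` shows hit counts on the isakmp and esp lines once the tunnel is up, which confirms the peer traffic is matching the intended entries rather than the final deny.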

