Re: VPN site to site -Access-list

From: Terjéki Gábor (terjeki.gabor@gmail.com)
Date: Tue Jul 29 2008 - 12:13:46 ART


If you only have a site-to-site tunnel, only from the remote peers:
permit udp host <peer ip> host <local address> eq 500
permit udp host <peer ip> host <local address> eq 4500
permit esp host <peer ip> host <local address>

etc.

Or actually, if you run IOS prior to 12.3(8t), you need to enable the
interesting traffic also. Since this version it's not required:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_crpks.html

hth,
Gabor

On Tue, Jul 29, 2008 at 3:18 PM, Monica Belluci <mpls1979@gmail.com> wrote:
> Which IP blocks I should allow ?
>
> On Tue, Jul 29, 2008 at 3:59 PM, Terjiki Gabor <terjeki.gabor@gmail.com>
> wrote:
>>
>> Usually UDP 500, UDP 4500, TCP 10000, ESP and AH are enabled. As Naji
>> has said, not all of them are required, depending on your setup;
>> however, it is usually not a problem to enable all.
>>
>> regards,
>> Gabor
>>
>> On Tue, Jul 29, 2008 at 11:47 AM, Monica Belluci <mpls1979@gmail.com>
>> wrote:
>> > Dear GS,
>> >
>> > I have a site-to-site VPN.
>> > I am using access-lists on my perimeter router, on both routers, locally and
>> > remotely. What do I need to allow on the perimeter router so as not to affect
>> > VPN traffic?
>> >
>> > Thanks
>> > Monica bel
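As an added example (not code from the thread), the per-peer perimeter ACL Gabor describes modelled in Python: ipsec_peer_rules builds the permit lines (UDP 500, ESP, and optionally UDP 4500, AH and TCP 10000), to_ios renders them in the IOS syntax quoted above, and permitted evaluates a packet against them with the implicit deny at the end of a Cisco ACL. The function names and any addresses used with them are my own placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ESP, AH, TCP, UDP = 50, 51, 6, 17  # IP protocol numbers
PROTO_NAME = {ESP: "esp", AH: "ahp", TCP: "tcp", UDP: "udp"}  # IOS ACL keywords

@dataclass(frozen=True)
class Rule:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None  # None = any port (ESP/AH carry no ports)

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None

def ipsec_peer_rules(peer, local, nat_t=True, ah=False, tcp_encap=False):
    """Added example: permit only what one site-to-site tunnel between two fixed peers needs."""
    rules = [Rule(UDP, peer, local, 500),  # IKE/ISAKMP
             Rule(ESP, peer, local)]       # encrypted tunnel payload
    if nat_t:
        rules.append(Rule(UDP, peer, local, 4500))  # NAT traversal
    if ah:
        rules.append(Rule(AH, peer, local))
    if tcp_encap:
        rules.append(Rule(TCP, peer, local, 10000))  # Cisco IPsec over TCP
    return rules

def to_ios(rules):
    """Render the rules in the extended-ACL syntax quoted in the thread."""
    out = []
    for r in rules:
        line = f"permit {PROTO_NAME[r.proto]} host {r.src} host {r.dst}"
        out.append(line + (f" eq {r.dport}" if r.dport is not None else ""))
    return out

def permitted(rules, pkt):
    """First-match evaluation; no match = the implicit deny at the end of an ACL."""
    for r in rules:
        if (r.proto == pkt.proto and ip_address(r.src) == ip_address(pkt.src)
                and ip_address(r.dst) == ip_address(pkt.dst)
                and (r.dport is None or r.dport == pkt.dport)):
            return True
    return False
```

Run it with the real peer and local addresses of the tunnel; anything from the peer that is not IKE or ESP (a DNS query, for instance) falls through to the implicit deny.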

Blogs and organic groups at http://www.ccie.net
