Hi Guys,
Just reading a book here, I came across this statement which I haven't come
across (at least yet). It says when IPSec tunneled traffic hits the Outside
interface of an ASA, if you do not have *sysopt connection permit-vpn*
configured and decided to allow the VPN (related) traffic by opening up the
Outside-IN ACL on the Outside interface, then you also NEED TO ALLOW the
tunneled traffic through this ACL.
In other words, this IPSec tunneled traffic will be hitting the Outside-IN
ACL twice before traversing the ASA; the encrypted and the tunneled traffic.
How true is this? Has anyone encountered this in their configuration
endeavours please? Could this behaviour be specific to a version of code
run on the ASA?
Thanks in advance,
Sadiq
-- CCIE #19963 Blogs and organic groups at http://www.ccie.net
Received on Wed Apr 29 2009 - 20:36:20 ART