If all the device does is terminate IPsec VPN sessions, then you should filter out all other non-IPsec packets. For example:

ip access-list extended OUTSIDE_IN
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 deny ip any any

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Vishal Rane
Sent: Monday, November 21, 2011 2:55 PM
To: ccielab_at_groupstudy.com
Subject: Securing IPSEC VPN Tunnel - Extra Mile
Hi All,
I looked at the INE Security Workbook (VPN Section): Configure IPSEC encryption with the Cisco IOS <site to site VPN tunneling>. If the router is dedicated only to VPN, then what additional configuration is needed to secure the box?
Not sure if Extra-Mile is covered in the Narbik Workbook or IP Expert.
Thanks
Vishal
Received on Mon Nov 21 2011 - 15:08:19 ART
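
Added example, not part of the original posts: a small Python model of first-match evaluation over the OUTSIDE_IN entries from the reply above, run against constructed sample packets to show what the filter still accepts and what it drops (AH, ICMP and management traffic such as SSH included). The keyword mappings (esp = IP protocol 50, isakmp = UDP 500, non500-isakmp = UDP 4500) are the standard IOS meanings; the sample packets and function names are assumptions made for illustration.

```python
import re

# The ACL entries as posted in the reply; only the sample packets below are constructed.
ACL = """\
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
deny ip any any
"""
# IOS keywords used by the ACL -> IP protocol number / UDP port ("ip" matches any protocol).
PROTOCOLS = {"esp": 50, "udp": 17, "ip": None}
PORTS = {"isakmp": 500, "non500-isakmp": 4500}

def parse(acl_text):
    """Parse 'action proto any any [eq port]' entries, the only form the post uses."""
    entries = []
    for line in acl_text.splitlines():
        m = re.fullmatch(r"(permit|deny) (\S+) any any(?: eq (\S+))?", line.strip())
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, port = m.groups()
        entries.append((action, PROTOCOLS[proto], PORTS[port] if port else None))
    return entries

def evaluate(entries, proto, dport=None):
    """Return the action of the first matching entry, as IOS does."""
    for action, ace_proto, ace_port in entries:
        if ace_proto is not None and ace_proto != proto:
            continue  # protocol differs; 'ip' (None) matches every protocol
        if ace_port is not None and ace_port != dport:
            continue  # 'eq' after the destination matches the destination port
        return action
    return "deny"  # implicit deny that ends every IOS ACL

# Constructed sample packets: (label, IP protocol number, destination port).
SAMPLES = [
    ("ESP", 50, None), ("IKE udp/500", 17, 500), ("NAT-T udp/4500", 17, 4500),
    ("AH", 51, None), ("SSH tcp/22", 6, 22), ("ICMP", 1, None), ("SNMP udp/161", 17, 161),
]

def run():
    entries = parse(ACL)
    return {label: evaluate(entries, proto, dport) for label, proto, dport in SAMPLES}

if __name__ == "__main__":
    for label, verdict in run().items():
        print(f"{verdict:6} {label}")
```

Anything the router must still receive on that interface beyond ESP and IKE, such as AH or management traffic, needs its own permit entry ahead of the final deny.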