Re: ASA and IPSEC VPN filtering

From: Joe Astorino <joeastorino1982_at_gmail.com>
Date: Thu, 8 Mar 2012 11:12:05 -0500

The ACL applied to your outside interface is not relevant for VPN
termination. In other words, it is never checked.

On Thu, Mar 8, 2012 at 10:49 AM, Christopher Copley
<copley.chris_at_gmail.com> wrote:
> I have an ASA and I only want specific IPs to be able to access my ASA to
> form an IPSEC peer. I created a rule for the outside interface to only
> allow specific peers to be accepted via isakmp, and ESP, but the rule
> never gets any hits. Is the ASA like the routers and the ACLs do not
> apply to the ASA interfaces itself? Is it possible to filter out what
> IPs I want the ASA to respond to via ESP and isakmp via an ACL? Long story
> short I am being asked to do this b/c of aggressive mode for my VPNs.
>
> Thoughts?
>
>
> --
> Christopher D. Copley
> copley.chris_at_gmail.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Received on Thu Mar 08 2012 - 11:12:05 ART

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART