In your proxy ACL you just need to specify only ICMP traffic, e.g.

access-list PROXY_ACL permit icmp 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
Some cases will not work with the proxy ACL if you get too specific, but just using ICMP for the classifier should be fine.
HTH,
Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of amin
Sent: Saturday, July 07, 2012 6:18 AM
To: ccielab_at_groupstudy.com
Subject: Site2site between ASAs
Hi experts,
Site2site VPN between two ASAs, let us assume I want to encrypt the ICMP, and leave the two LANs' traffic between the two sites unencrypted.
LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == ICMP encrypted
LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == Other traffic unencrypted
Regards,
Amin
Received on Tue Jul 10 2012 - 21:38:04 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART
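
The ICMP-only classifier from the reply, laid out on both peers as an added example (not part of the original thread). The crypto map name VPN_MAP, the sequence number, the interface name outside and the peer addresses 192.0.2.1 and 192.0.2.2 are assumptions; the IKE policy, tunnel-group and transform set are assumed to be configured already and are not shown.

```cisco
! ---- ASA at site 1 (LAN 172.16.1.0/24), assumed outside address 192.0.2.1 ----
! Proxy ACL from the reply: only ICMP between the two LANs is selected for IPsec.
access-list PROXY_ACL permit icmp 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
! Bind the classifier to the crypto map entry for the remote peer (names assumed).
crypto map VPN_MAP 10 match address PROXY_ACL
crypto map VPN_MAP 10 set peer 192.0.2.2
crypto map VPN_MAP interface outside

! ---- ASA at site 2 (LAN 172.16.2.0/24), assumed outside address 192.0.2.2 ----
! Mirror image of the site 1 entry: same protocol, source and destination swapped.
access-list PROXY_ACL permit icmp 172.16.2.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto map VPN_MAP 10 match address PROXY_ACL
crypto map VPN_MAP 10 set peer 192.0.2.1
crypto map VPN_MAP interface outside
```

Traffic between the two LANs that does not match PROXY_ACL is not handled by the crypto map and is forwarded in the clear if routing and the interface ACLs allow it, so the proxy ACL alone decides what is protected. `show crypto ipsec sa` on either ASA lists the negotiated local and remote identities, where the protocol field should show ICMP rather than all IP.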