RE: Site2site between ASAs

I is not a real question, just I mean I want to encrypt a portion of the IP
traffic and leave the rest unencrypted.

-----Original Message-----
From: Jay McMickle [mailto:jay.mcmickle_at_yahoo.com]
Sent: Wednesday, July 11, 2012 5:19 AM
To: amin
Cc: <ccielab_at_groupstudy.com>
Subject: Re: Site2site between ASAs

Good question, but I don't know that you could encrypt only ICMP traffic.
Think about it- you use IP ACL's, and ICMP is included automatically.

Now, you could use GRE over IPEC with a little sprinkle of PBR to encrypt
only the ICMP, I mean, if you wanted to get crazy.

Regards,
Jay McMickle- CCIE #35355 (R&S)
Sent from iJay

On Jul 7, 2012, at 8:18 AM, "amin" <amin_at_axizo.com> wrote:

> Hi experts,
>
> Site2site VPN between two ASAs, let us assume I want to encrypt the ICMP,
> and leave the two LANs traffic between the two site unencrypted.
>
> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == ICMP encrypted
>
> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == Other traffic unencrypted
>
>
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 11 2012 - 08:43:44 ART