Re: Site2site between ASAs

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Wed, 11 Jul 2012 06:07:42 -0500

Yes, that's possible with your ACL (interesting traffic or encryption domain).

Just write an ACL on both ends that matches what you want encrypted. Make sure your inside routes point to the VPN router, too.

Regards,
Jay McMickle- CCIE #35355 (R&S)
Sent from iJay

On Jul 11, 2012, at 12:43 AM, "amin" <amin_at_axizo.com> wrote:

> It is not a real question, I just mean I want to encrypt a portion of the IP
> traffic and leave the rest unencrypted.
>
>
> -----Original Message-----
> From: Jay McMickle [mailto:jay.mcmickle_at_yahoo.com]
> Sent: Wednesday, July 11, 2012 5:19 AM
> To: amin
> Cc: <ccielab_at_groupstudy.com>
> Subject: Re: Site2site between ASAs
>
> Good question, but I don't know that you could encrypt only ICMP traffic.
> Think about it- you use IP ACLs, and ICMP is included automatically.
>
> Now, you could use GRE over IPsec with a little sprinkle of PBR to encrypt
> only the ICMP, I mean, if you wanted to get crazy.
>
> Regards,
> Jay McMickle- CCIE #35355 (R&S)
> Sent from iJay
>
> On Jul 7, 2012, at 8:18 AM, "amin" <amin_at_axizo.com> wrote:
>
>> Hi experts,
>>
>> Site2site VPN between two ASAs, let us assume I want to encrypt the ICMP,
>> and leave the two LANs' traffic between the two sites unencrypted.
>>
>> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == ICMP encrypted
>>
>> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == Other traffic unencrypted
>>
>>
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jul 11 2012 - 06:07:42 ART
