Access list for Remote Access VPN in IOS

Jun 6th, 2007


I have a router configured with an IOS Firewall and remote access ipsec VPN.

Users can connect in fine, but no traffic passes through the VPN tunnel unless I do the following in the outside access list:

access-list 110 permit ip any is the network assigned to VPN clients, and I have to permit that network all access into the router for this to work.

Is this normal, or is there a way to narrow it down?



050878james Wed, 06/06/2007 - 03:07

That's correct, but I would never use the "any" config you have used:

access-list 110 permit ip any

In my case I have 2 LAN networks:

and my VPN clients have the IP pool:

So I created the ACL as below:

ip access-list extended ACL_CRYPTO_VPN_CLIENTS

deny ip

permit ip

I denied access to VPN clients on the network and permitted them access to network

You see? I have not used ANY because if you later add more than one LAN, it is easier to handle the ACL and easier to find out who has and who has not permission to access specified networks.

Please rate if this helps.
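As an added illustration, not part of this thread, the Python below models how an IOS extended ACL is evaluated (first matching entry wins, wildcard-mask matching, implicit deny at the end) and compares a broad "pool to any" entry with the narrower deny/permit pair the reply describes. The VPN pool 10.10.10.0/24 and the two LANs 192.168.1.0/24 and 192.168.2.0/24 are constructed values, not the poster's networks.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS "any" as address/wildcard


def wildcard_match(ip: str, addr: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'.

    The host matches when every bit the wildcard cares about (0 bits)
    is identical between the packet address and the ACL address.
    """
    i, a, w = (int(ipaddress.IPv4Address(x)) for x in (ip, addr, wildcard))
    return (i ^ a) & (~w & 0xFFFFFFFF) == 0


def evaluate(acl, src: str, dst: str) -> str:
    """Return 'permit' or 'deny' for an IP flow, IOS style.

    Entries are (action, src_addr, src_wc, dst_addr, dst_wc); the first
    entry whose source and destination both match decides, and an ACL
    that matches nothing ends with an implicit deny.
    """
    for action, s_addr, s_wc, d_addr, d_wc in acl:
        if wildcard_match(src, s_addr, s_wc) and wildcard_match(dst, d_addr, d_wc):
            return action
    return "deny"


# Constructed values: VPN client pool and two internal LANs.
POOL = ("10.10.10.0", "0.0.0.255")
LAN_A = ("192.168.1.0", "0.0.0.255")  # clients must NOT reach this one
LAN_B = ("192.168.2.0", "0.0.0.255")  # clients may reach this one

# "permit ip <pool> any": everything behind the router is reachable.
BROAD_ACL = [("permit", *POOL, *ANY)]

# Equivalent of the ACL_CRYPTO_VPN_CLIENTS shape from the reply:
# an explicit deny for LAN A followed by a permit for LAN B.
NARROW_ACL = [("deny", *POOL, *LAN_A), ("permit", *POOL, *LAN_B)]

if __name__ == "__main__":
    for dst in ("192.168.1.10", "192.168.2.10", "172.16.0.1"):
        print(dst, "broad:", evaluate(BROAD_ACL, "10.10.10.5", dst),
              "narrow:", evaluate(NARROW_ACL, "10.10.10.5", dst))
```

Run it to see that the broad entry permits every destination while the narrow ACL only permits LAN B and falls through to the implicit deny for anything else, including hosts outside the pool.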



