vpn access lists

Feb 14th, 2008

Hi all,

I am in the process of creating a site-to-site tunnel between 2 sites. We need to access e-mail, internet and RDP from site A on site B, and we need to access RDP, telnet and mail from site B to site A. Can anyone tell me what I need to do to create the tunnel? Do I just allow source to destination networks, and then use an access list to prohibit the ports? Please help.


Rick Morris Thu, 02/14/2008 - 08:54

It all depends on how you want to control traffic.

You can do networks or hosts.

If you are using a PIX I would suggest using object groups.

It will make your life easier, to say the least.

One thing to keep in consideration in the VPN between Cisco devices is the ACLs need to match line for line at both ends for the tunnel. If not, the tunnel will not pass phase 2.
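A pre-deployment check for the line-for-line requirement mentioned in the reply above, as an added example that is not part of the original thread: it parses the crypto ACL from each peer's configuration and reports every line whose counterpart is not its mirror image (same protocol, source and destination swapped). The ACL names `VPN_TO_B` and `VPN_TO_A`, the addresses, and the function names are constructed for illustration; only IP-level `permit` entries using `any`, `host`, or network/mask are handled.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_crypto_acl(config, name):
    """Return [(protocol, src, dst), ...] for the permit lines of ACL `name`, in order."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", name]:
            continue
        tok = tok[2:]
        if tok and tok[0] == "extended":
            tok = tok[1:]
        if not tok or tok[0] != "permit":   # skips remark and deny lines
            continue
        src, rest = _take_addr(tok[2:])
        dst, _ = _take_addr(rest)
        entries.append((tok[1], src, dst))
    return entries

def mirror_mismatches(acl_a, acl_b):
    """Compare line by line; return [(line_no, a_entry, b_entry)] that do not mirror."""
    problems = []
    for i in range(max(len(acl_a), len(acl_b))):
        a = acl_a[i] if i < len(acl_a) else None
        b = acl_b[i] if i < len(acl_b) else None
        if a is None or b is None or a != (b[0], b[2], b[1]):
            problems.append((i + 1, a, b))
    return problems

# Constructed sample configurations (not taken from the thread).
SITE_A = """
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_B extended permit ip host 10.1.0.25 10.2.5.0 255.255.255.0
"""
SITE_B = """
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.2.5.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

if __name__ == "__main__":
    a, b = parse_crypto_acl(SITE_A, "VPN_TO_B"), parse_crypto_acl(SITE_B, "VPN_TO_A")
    for line_no, ea, eb in mirror_mismatches(a, b):
        print(f"line {line_no}: site A {ea} is not mirrored by site B {eb}")
```

In the sample, line 2 is flagged because site A names a single host while site B names the whole /24 as the destination.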

