Hi, we have an ASA 5505 FW in production which is working fine, but the inside NOC users connect to the Miami servers, which are located at the data center. We can connect to those servers by using the Lucent VPN client, and to give access to the servers I have made the following access-list:

access-list outside_access_in_1 extended permit esp any any

Can I make the access list port-based, i.e. if I open port 50 directly, will it work instead of making an ESP rule?
May I know whether the above command is sufficient security-wise, or is there any other rule we can make for allowing the IPsec traffic from outside?
Please note that ESP = IP Protocol # 50 and not Port # 50 (like we have in UDP/TCP).
However, you can make your access-list more granular: you will always know the IP address of the VPN gateway (server), so you can put that as 'host' in the access-list:
access-list outside_access_in_1 extended permit esp any host N.N.N.N
Assuming the VPN server is behind the ASA.
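The two points in this thread (ESP is IP protocol 50, not TCP/UDP port 50, and an "esp any any" rule should be narrowed to the known VPN gateway host) are easy to check mechanically before pushing a config. The following Python script is an added example, not code from the thread or from Cisco: it parses ASA extended access-list lines of the shape used above, resolves the protocol slot to an IP protocol number, and flags a tcp/udp rule on port 50 as well as an ESP rule whose destination is not the gateway host. The ACL sample and the gateway address 203.0.113.10 are constructed for the example; only destination ports ("eq <port>" after the destination) are parsed.

```python
"""Audit Cisco ASA extended access-list lines for ESP/IPsec rules.

Added example, not from the original thread. Handles lines of the form
  access-list <name> extended <permit|deny> <proto> <src> <dst> [eq <port>]
where <src>/<dst> are 'any', 'host A.B.C.D' or '<network> <mask>'.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# IANA protocol numbers for the keywords accepted in the ASA protocol slot.
# ASA's 'ip' keyword means "any IP protocol"; 0 is used here only as a sentinel.
IP_PROTO_NUMBERS = {"esp": 50, "ah": 51, "gre": 47, "tcp": 6, "udp": 17, "icmp": 1, "ip": 0}


@dataclass
class AclEntry:
    name: str
    action: str
    proto_keyword: str
    proto_number: int
    src: Tuple[str, ...]            # ("any",), ("host", ip) or (network, mask)
    dst: Tuple[str, ...]
    port: Optional[str] = None      # "50" from "eq 50"; only meaningful for tcp/udp
    findings: List[str] = field(default_factory=list)


def _take_address(tokens: List[str], i: int) -> Tuple[Tuple[str, ...], int]:
    """Consume one ASA address spec starting at tokens[i]; return (spec, next index)."""
    if tokens[i] == "any":
        return ("any",), i + 1
    if tokens[i] == "host":
        return ("host", tokens[i + 1]), i + 2
    return (tokens[i], tokens[i + 1]), i + 2    # network followed by mask


def parse_acl_line(line: str) -> AclEntry:
    """Tokenize one extended ACL line into an AclEntry (no auditing yet)."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
        raise ValueError(f"not an extended ACL line: {line!r}")
    name, action, proto = t[1], t[3], t[4].lower()
    if proto.isdigit():                      # numeric protocol, e.g. 'permit 50 ...'
        number = int(proto)
    elif proto in IP_PROTO_NUMBERS:
        number = IP_PROTO_NUMBERS[proto]
    else:
        raise ValueError(f"unknown protocol keyword {proto!r}")
    src, i = _take_address(t, 5)
    dst, i = _take_address(t, i)
    port = t[i + 1] if i + 1 < len(t) and t[i] == "eq" else None
    return AclEntry(name, action, proto, number, src, dst, port)


def audit_entry(entry: AclEntry, gateway: Optional[str] = None) -> List[str]:
    """Return human-readable findings for a single permit entry."""
    findings: List[str] = []
    if entry.action != "permit":
        return findings
    # Port 50 on tcp/udp is a different thing from IP protocol 50 (ESP).
    if entry.proto_number in (6, 17) and entry.port == "50":
        findings.append("port 50 on tcp/udp is not ESP; ESP is IP protocol 50, use 'permit esp'")
    if entry.proto_number == 50:
        if entry.dst == ("any",):
            findings.append("ESP permitted to any destination; restrict to 'host <vpn-gateway>'")
        elif gateway and entry.dst != ("host", gateway):
            findings.append(f"ESP permitted to {entry.dst} but the VPN gateway is {gateway}")
    return findings


def audit_acl(text: str, gateway: Optional[str] = None) -> List[AclEntry]:
    """Parse and audit every non-comment line of an ACL dump."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        entry = parse_acl_line(line)
        entry.findings = audit_entry(entry, gateway)
        entries.append(entry)
    return entries


# Constructed sample: the thread's broad rule, a mistaken "port 50" rule,
# and the host-restricted form in both keyword and numeric spelling.
SAMPLE_ACL = """\
access-list outside_access_in_1 extended permit esp any any
access-list outside_access_in_1 extended permit tcp any any eq 50
access-list outside_access_in_1 extended permit esp any host 203.0.113.10
access-list outside_access_in_1 extended permit 50 any host 203.0.113.10
"""

if __name__ == "__main__":
    for e in audit_acl(SAMPLE_ACL, gateway="203.0.113.10"):
        status = "WARN" if e.findings else "OK  "
        print(f"{status} {e.proto_keyword:>4} (ip proto {e.proto_number}) -> {e.dst}: "
              f"{'; '.join(e.findings) or 'fine'}")
```

Running it against the sample prints a warning for the first two lines and passes the two host-restricted ESP lines; feed it the output of `show running-config access-list` (with the real gateway address) to get the same check on a live box.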