SITE TO SITE VPN with access-list on the outside interface

Jan 11th, 2009


I need to ask a simple question.

I have a site-to-site VPN, and it is working properly.

If I want to add an access-list on the outside interface of the firewall for the incoming traffic, does it affect the VPN traffic? Do I have to permit anything related to the VPN in the access-list?

Jithesh K Joy Sun, 01/11/2009 - 23:10

Hi Jorjes,

If you have given "sysopt connection permit-ipsec" in global configuration mode of the device to allow the VPN traffic to bypass interface access lists, none of the access-lists at the interface will block your VPN traffic.

Please visit the following URL for more info


Jithesh K Joy
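
The two alternatives discussed in this thread, as an added configuration example that is not part of the original posts. It assumes PIX/ASA-style syntax as in the command quoted in the answer; the ACL name `OUTSIDE_IN`, the subnets and the server address are constructed for illustration.

```cisco
! Constructed values: local LAN 10.1.0.0/24, remote-site LAN 10.2.0.0/24,
! internal server 10.1.0.10. The ACL name OUTSIDE_IN is hypothetical.

! --- Alternative A: bypass enabled -------------------------------------
! Traffic arriving through the tunnel is not checked against the ACL on
! the outside interface, so the ACL needs no entries for the remote LAN.
sysopt connection permit-ipsec
access-group OUTSIDE_IN in interface outside

! --- Alternative B: bypass disabled ------------------------------------
! Decrypted traffic from the remote site is checked against OUTSIDE_IN,
! so the ACL must permit what the remote site is allowed to reach.
! Everything else from the tunnel falls through to the implicit deny at
! the end of the ACL.
no sysopt connection permit-ipsec
access-list OUTSIDE_IN permit tcp 10.2.0.0 255.255.255.0 host 10.1.0.10 eq 443
access-group OUTSIDE_IN in interface outside
```

Alternative B trades convenience for least privilege: the remote site reaches only what the ACL lists, rather than everything the crypto map's interesting-traffic definition covers.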

