Istvan_Rabai Thu, 01/29/2009 - 11:09

Hi Mark,


You can use access-lists for protocol filtering.


For blocking IPsec VPN traffic it may look like this:


access-list 100 deny udp any 500 any 500

access-list 100 deny esp any any

access-list 100 permit ip any any


The 1st line blocks any ISAKMP traffic.

The 2nd line blocks any IPsec ESP protocol traffic.

The 3rd line allows any other IP traffic.


Cheers:

Istvan


Istvan_Rabai Thu, 01/29/2009 - 14:22

Hi Mark,


Sorry, probably I was sleeping when I posted my previous message :).


The first line should be like this:


access-list 100 deny udp any eq 500 any eq 500


or


access-list 100 deny udp any eq isakmp any eq isakmp


Thanks:

Istvan
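
Added example (not part of the posts above and not the poster's own configuration): the corrected ACL 100 from this thread, extended to the other protocols an IPsec tunnel can use (NAT traversal on UDP 4500, and AH) and applied to an interface. The interface name and the inbound direction are assumptions for illustration.

```cisco
! ACL number 100 is taken from the thread; everything else is an added example.
!
! IKE (ISAKMP) on UDP 500. Matching only the destination port also catches
! peers whose source port was rewritten by a NAT device in the path.
access-list 100 deny udp any any eq isakmp
! IKE and ESP encapsulated in UDP 4500 (NAT traversal).
access-list 100 deny udp any any eq non500-isakmp
! ESP (IP protocol 50) and AH (IP protocol 51).
access-list 100 deny esp any any
access-list 100 deny ahp any any
! Everything else is allowed, as in the original post.
access-list 100 permit ip any any
!
! Hypothetical interface name; apply inbound on the interface facing the clients.
interface GigabitEthernet0/1
 ip access-group 100 in
```

`show access-lists 100` prints per-entry match counters, which show which of the deny lines are actually being hit.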
