Istvan_Rabai Thu, 01/29/2009 - 11:09

Hi Mark,

You can use access-lists for protocol filtering.

For blocking IPsec VPN traffic it may look like this:

access-list 100 deny udp any 500 any 500

access-list 100 deny esp any any

access-list 100 permit ip any any

The 1st line blocks any ISAKMP traffic.

The 2nd line blocks any IPsec ESP protocol traffic.

The 3rd line allows any other IP traffic.

Cheers:

Istvan

Istvan_Rabai Thu, 01/29/2009 - 14:22

Hi Mark,

Sorry, probably I was sleeping when I posted my previous message :).

The first line should be like this:

access-list 100 deny udp any eq 500 any eq 500

or

access-list 100 deny udp any eq isakmp any eq isakmp

Thanks:

Istvan
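
Added example, not part of the posts above: a fuller version of the same ACL that also covers IPsec NAT traversal (UDP 4500) and AH, and shows it applied to an interface. The ACL number 101, the interface name and the inbound direction are assumptions for illustration.

```cisco
! Added example. ACL number 101 and GigabitEthernet0/0 are assumed values.
access-list 101 remark Block IPsec: IKE, NAT-T, ESP, AH
! IKE/ISAKMP on UDP 500. Only the destination port is matched here,
! because a NAT device in the path may rewrite the source port.
access-list 101 deny udp any any eq isakmp
! NAT traversal: IKE and ESP carried inside UDP 4500.
access-list 101 deny udp any any eq non500-isakmp
! Native ESP (IP protocol 50) and AH (IP protocol 51).
access-list 101 deny esp any any
access-list 101 deny ahp any any
! Everything else is allowed, as in the original third line.
access-list 101 permit ip any any
!
! Apply inbound on the interface where the VPN clients' traffic arrives.
interface GigabitEthernet0/0
 ip access-group 101 in
!
! After applying, check per-entry hit counters from exec mode with:
!   show access-lists 101
```

The per-entry match counters show which form of IPsec traffic is actually being dropped, and whether any entry never matches.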
