03-06-2009 10:02 AM
This should be a fairly simple question. With a VPN tunnel can you specify a larger IP range in the access-list such as 10.1.0.0/8 that will accept traffic from smaller subnets in that range like 10.1.3.0/24?
I'm not sure if the ACL just inspects the IP, or if the subnet mask must be identical.
03-06-2009 10:39 AM
For VPN traffic, supernets will be read and processed. In other words, if you define a match address like:
permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255
This will include the whole /8 subnets of the 10 and the whole /16 subnets of the 172 to be sent on that tunnel.
Be careful when using this, since some traffic that you don't want might be matched by this.
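Added example, not part of the original post: a small Python check of which subnets a crypto ACL entry like the one above selects, including the over-match the answer warns about. The sample flows and helper names are constructed for illustration, and only contiguous wildcard masks are handled.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Convert an IOS 'address wildcard' pair to an ip_network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**k - 1 (ones in the low-order bits only).
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix_len = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.ip_network((base, prefix_len))

def parse_entry(line):
    """Parse 'permit ip <src> <src-wc> <dst> <dst-wc>' into (src_net, dst_net)."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {line!r}")
    return (wildcard_to_network(parts[2], parts[3]),
            wildcard_to_network(parts[4], parts[5]))

def selects(entry, src_subnet, dst_subnet):
    """True when every address of both subnets falls inside the entry."""
    src_net, dst_net = parse_entry(entry)
    return (ipaddress.ip_network(src_subnet).subnet_of(src_net)
            and ipaddress.ip_network(dst_subnet).subnet_of(dst_net))

ENTRY = "permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255"

# Constructed sample flows: (source subnet, destination subnet, meant for tunnel?)
FLOWS = [
    ("10.1.3.0/24", "172.16.5.0/24", True),      # the subnet from the question
    ("10.200.0.0/16", "172.16.5.0/24", False),   # hypothetical unrelated 10.x site
    ("192.168.1.0/24", "172.16.5.0/24", False),  # outside the entry entirely
]

def unintended_matches(entry, flows):
    """Flows the entry selects even though they were not meant for the tunnel."""
    return [(s, d) for s, d, wanted in flows
            if selects(entry, s, d) and not wanted]

if __name__ == "__main__":
    for s, d, _ in FLOWS:
        state = "selected" if selects(ENTRY, s, d) else "not selected"
        print(f"{s} -> {d}: {state}")
    print("unintended:", unintended_matches(ENTRY, FLOWS))
```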
03-06-2009 11:10 AM
Thanks!