857 permit IP acl with VPN

breser004
Level 1

My firewall is set up with CBAC on the LAN-to-public interface and ACLs inbound from public to LAN. When Cisco VPN clients connect outbound they authenticate and register fine, but only when a "permit ip" ACL from the secure host allows me to route. When testing I created UDP and TCP range ACLs to match against, to get some idea of where packets were coming from, however there were no matches. Can anyone suggest how I can limit inbound IPsec rather than allowing "permit ip"?

1 Reply

John Blakley
VIP Alumni

Your ACL can reference just ESP and UDP/500.

access-list 101 permit esp any any

access-list 101 permit udp any any eq isakmp

If you're allowing clients on the inside out, you can try the following instead of adding the above to your public ACL.

ip inspect name FW isakmp

HTH,

John

HTH, John *** Please rate all useful posts ***
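Putting the two options from the reply together in one place, as an added example (not John's or the original poster's config): the public-facing ACL admits only the IPsec control and data traffic, with everything else denied and logged, and CBAC opens the return path for ISAKMP. The interface name, the documentation address 203.0.113.1 standing in for the router's public IP, and the extra UDP/4500 (NAT-T) line for clients behind NAT are assumptions, not taken from the thread.

```cisco
! Assumed interface names and public address; replace with your own.
! Inbound ACL on the public interface: only IKE and ESP reach the router,
! and only when addressed to its own public IP (not "any any").
ip access-list extended PUBLIC-IN
 remark IKE phase 1/2 from remote-access clients (UDP/500)
 permit udp any host 203.0.113.1 eq isakmp
 remark IKE/ESP encapsulated in UDP/4500 for clients behind NAT (assumption: NAT-T in use)
 permit udp any host 203.0.113.1 eq non500-isakmp
 remark the encrypted tunnel traffic itself
 permit esp any host 203.0.113.1
 remark everything else is dropped and logged so stray probes show up in syslog
 deny ip any any log
!
! Alternative from the reply: let CBAC track ISAKMP started from the inside,
! so the reply traffic is admitted dynamically instead of by a static line.
ip inspect name FW isakmp
!
interface FastEthernet0/1
 description public (outside)
 ip address 203.0.113.1 255.255.255.252
 ip access-group PUBLIC-IN in
 ip inspect FW out
!
! Checks after applying: "show ip access-lists PUBLIC-IN" should show hit counts
! climbing on the isakmp/esp lines during a client connection, and
! "show ip inspect sessions" lists the ISAKMP sessions CBAC has opened.
```

If the hit counters stay at zero on the ESP and ISAKMP lines while the log entries for the final deny appear, the client traffic is arriving on a port or protocol other than the ones permitted above.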