Does permit ip any any also include GRE and ESP traffic?

Dec 23rd, 2009
Dear friends,


When I say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic?


Thanks a lot

Gautam

Correct Answer
Jon Marshall Wed, 12/23/2009 - 08:09
gautamzone wrote:


Dear friends,


When I say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic?


Thanks a lot

Gautam


Gautam


No, it doesn't. IP includes TCP/UDP/ICMP, but GRE and ESP have their own protocol numbers at the IP layer.


Jon

Correct Answer
Kureli Sankar Wed, 12/23/2009 - 08:26
GRE is IP protocol 47 and ESP is IP protocol 50, so your ACL should be

access-list blah permit 47 any any
access-list blah permit 50 any any
access-list blah permit ip any any


-KS
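
An added example, not part of the thread: Python that reads the Protocol field of an IPv4 header, which is the field the numeric ACL entries 47 and 50 above refer to, and counts packets per protocol so you can see whether GRE or ESP is present in a capture. The function names and the sample headers are constructed for illustration.

```python
import struct
from collections import Counter

# Values of the 8-bit Protocol field in the IPv4 header. 47 (GRE) and
# 50 (ESP) are the numbers used in the ACL entries quoted in the thread.
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}


def ip_protocol(packet: bytes) -> int:
    """Return the IP protocol number carried in an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad or truncated header length")
    return packet[9]  # fixed offset, even when IP options follow


def protocol_census(packets) -> Counter:
    """Count packets per protocol name; unknown numbers stay numeric."""
    census = Counter()
    for pkt in packets:
        number = ip_protocol(pkt)
        census[PROTOCOLS.get(number, str(number))] += 1
    return census


def sample_header(proto: int, options: bytes = b"") -> bytes:
    """Constructed test input: IPv4 header with checksum left at zero."""
    assert len(options) % 4 == 0
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, proto, 0, bytes([192, 0, 2, 1]),
                        bytes([198, 51, 100, 1]))
    return fixed + options


if __name__ == "__main__":
    # Constructed sample: one GRE, two ESP, one TCP, one OSPF (89) packet.
    sample = [sample_header(p) for p in (47, 50, 50, 6, 89)]
    print(protocol_census(sample))
```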
