Does permit ip any any also include GRE and ESP traffic?

Answered Question
Dec 23rd, 2009

Dear friends,

When I say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic?

Thanks a lot

Gautam

Overall Rating: 5 (2 ratings)
Correct Answer
Jon Marshall Wed, 12/23/2009 - 08:09

gautamzone wrote:

Dear friends,

When I say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic?

Thanks a lot

Gautam

Gautam

No, it doesn't. IP includes TCP/UDP/ICMP, but GRE and ESP have their own protocol numbers at the IP layer.

Jon

Correct Answer
Kureli Sankar Wed, 12/23/2009 - 08:26

GRE is IP protocol 47 and ESP is IP protocol 50, so your ACL should be

access-list blah permit 47 any any

access-l blah permit 50 any any

access-list blah permit ip any any

-KS
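
The protocol numbers quoted in this thread (47 for GRE, 50 for ESP) are the values carried in the Protocol field of the IPv4 header, at byte offset 9. The following Python code is an added example, not part of the original discussion: it validates a raw IPv4 header and reads that field, which is how you would confirm from a capture what protocol number a tunnel's packets actually carry. The sample headers, the addresses and the function names are constructed for illustration.

```python
import socket
import struct

# IANA-assigned IP protocol numbers for the protocols named in this thread.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}


def build_ipv4_header(proto, src="192.0.2.1", dst="198.51.100.2", payload_len=0):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    ver_ihl = (4 << 4) | 5                      # version 4, header length 5 x 4 bytes
    return struct.pack(
        "!BBHHHBBH4s4s",
        ver_ihl, 0, 20 + payload_len,           # version/IHL, DSCP, total length
        0, 0,                                   # identification, flags/fragment offset
        64, proto, 0,                           # TTL, protocol, checksum
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def ip_protocol(packet):
    """Return (protocol number, name) from a raw IPv4 packet, validating the header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4         # IHL is counted in 32-bit words
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("invalid or truncated header length")
    proto = packet[9]                           # Protocol field, byte offset 9
    return proto, PROTO_NAMES.get(proto, "other")


def classify(packets):
    """Map each packet to its protocol name; malformed input is reported, not dropped."""
    results = []
    for pkt in packets:
        try:
            results.append(ip_protocol(pkt)[1])
        except ValueError as exc:
            results.append("malformed: %s" % exc)
    return results


if __name__ == "__main__":
    samples = [build_ipv4_header(p) for p in (6, 17, 47, 50)]   # constructed samples
    for pkt, name in zip(samples, classify(samples)):
        print(pkt[9], name)
```
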
