permit esp any any

Answered Question
Mar 24th, 2011

How can I make the following more secure?:

access-list from_outside permit esp any any

We currently have it on our firewall and I know it's not the most secure. But I want to make sure our tunnels still work.

Thank you,

Thomas

Correct Answer by Paul Gilbert Arias, Thu, 03/24/2011 - 11:37

This line I assume you have it applied on the outside interface. If that is the case, this line should be used to allow traffic from outside to the inside. If you have static nat configured you could permit esp from known sources to the NAT'ed IPs.

If you don't have any nat for inbound traffic then you don't need that acl.

Sent from Cisco Technical Support iPhone App
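
An added illustration of the answer's suggestion (not part of the original thread): the broad rule narrowed to a known peer, with a check that the tunnels still work before the old line is removed. It assumes an ASA 7.x/8.x-style CLI and a VPN gateway behind a static NAT; both addresses are placeholders from the documentation ranges.

```cisco
! Added example. Placeholder addresses (assumed, not from the thread):
!   198.51.100.10 = known remote VPN peer
!   203.0.113.5   = NAT'ed (mapped) address of the inside VPN gateway
!
! Before: any host on the Internet may send ESP through the firewall
!   access-list from_outside permit esp any any
!
! After: insert peer-specific entries above the broad rule.
! Repeat the pair for each known peer.
access-list from_outside line 1 extended permit esp host 198.51.100.10 host 203.0.113.5
! IKE from the same peer, only if it is not already permitted elsewhere in the ACL
access-list from_outside line 2 extended permit udp host 198.51.100.10 host 203.0.113.5 eq isakmp
!
! Verify: tunnel traffic should now count against the specific entries,
! and the hit counter on "permit esp any any" should stop increasing
show access-list from_outside
!
! Once the broad entry no longer takes hits, remove it
no access-list from_outside permit esp any any
```

On ASA 8.3 and later, interface ACLs match the real (pre-NAT) address, so the destination there would be the gateway's inside address rather than the NAT'ed one.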


Posted March 24, 2011 at 10:00 AM