03-24-2011 10:00 AM - edited 03-11-2019 01:12 PM
How can I make the following more secure?:
access-list from_outside permit esp any any
We currently have it on our firewall and I know it's not the most secure. But I want to make sure our tunnels still work.
Thank you,
Thomas
03-24-2011 11:37 AM
I assume you have this line applied on the outside interface. If that is the case, this line should be used to allow traffic from outside to the inside. If you have static NAT configured you could permit ESP from known sources to the NAT'ed IPs.
If you don't have any NAT for inbound traffic then you don't need that ACL.
Sent from Cisco Technical Support iPhone App
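An added example, not part of the original thread: a small Python audit that flags `permit esp` entries whose source or destination is still `any`, run over a constructed config holding the rule from the question next to a narrowed form. The addresses 203.0.113.10 (remote peer) and 198.51.100.20 (NAT'ed address) are placeholder documentation values, and the parser assumes IPv4-style address forms only.

```python
# Added example: audit ASA-style ACL lines for over-broad ESP permits.
# Constructed sample config; the addresses are documentation placeholders,
# not values from the thread.
SAMPLE_CONFIG = """\
access-list from_outside permit esp any any
access-list from_outside extended permit esp host 203.0.113.10 host 198.51.100.20
access-list from_outside extended permit esp 203.0.113.0 255.255.255.0 any
access-list from_outside extended permit tcp any host 198.51.100.20 eq 443
"""

ANY = {"any", "any4", "any6"}


def take_address(tokens):
    """Consume one address spec and return (spec, remaining_tokens)."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] in ANY:
        return tokens[0], tokens[1:]
    # Two-token forms: "host A", "object N", "object-group N", "ADDR MASK".
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return " ".join(tokens[:2]), tokens[2:]


def audit_esp_rules(config):
    """Return (line_number, acl_name, wildcard_sides) for each broad ESP permit."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-list":
            continue
        name, rest = tok[1], tok[2:]
        if rest[0] == "extended":
            rest = rest[1:]
        if len(rest) < 2 or rest[0] != "permit" or rest[1] != "esp":
            continue
        try:
            src, rest = take_address(rest[2:])
            dst, _ = take_address(rest)
        except ValueError:
            continue  # malformed entry: skip rather than guess
        wide = [side for side, spec in (("source", src), ("destination", dst))
                if spec in ANY]
        if wide:
            findings.append((lineno, name, wide))
    return findings


if __name__ == "__main__":
    for lineno, name, wide in audit_esp_rules(SAMPLE_CONFIG):
        print(f"line {lineno}: ACL {name} permits ESP with any {' and '.join(wide)}")
```
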