03-22-2004 05:05 AM - edited 02-21-2020 01:05 PM
Hi,
Is there a command in IOS that allows encrypted traffic to bypass the external access-list of a router? I only want the IPsec ports in the external ACL - I do not really want to list the remote and local encryption domain in the ACL.
Thanks in advance.
Ger
03-22-2004 09:46 PM
No, there is no equivalent IOS command. Good news is that if you're referring to bug CSCdz54626 (http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz54626&Submit=Search), where the ACL is processed twice on the incoming interface, this has finally been resolved.
I haven't personally tested it yet (because the code isn't available), but the fix is supposedly in the 4th release of the 12.3T train, so that'd be the next release after 12.3(7)T. It may or may not be 12.3(8)T, depends on the timing of the next release, but if you upgrade to this when it becomes available you should be able to remove the local/remote networks from your ACL.
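To make the two situations in the reply above concrete, here is an added example configuration (not from either poster, and not Cisco documentation). It shows the inbound ACL on the outside interface in the form the original question wants, with only the IPsec control and data ports permitted, and the extra permits that code affected by the double ACL pass needs because the decrypted packets are evaluated against the same inbound ACL a second time. All addresses, interface names and ACL names are assumed for illustration; the peer is 203.0.113.2, the local outside address is 198.51.100.1, and the encryption domains are 192.168.1.0/24 (local) and 192.168.2.0/24 (remote).

```ios
! Added example, not the original poster's configuration. Addresses are assumed.
!
! --- Form the question asks for: only the IPsec ports in the external ACL ---
! This is sufficient once the inbound ACL is applied only to the encrypted
! packet and not again to the cleartext produced by decryption.
ip access-list extended OUTSIDE-IN
 remark ISAKMP (IKE) from the VPN peer
 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
 remark NAT-Traversal encapsulated IPsec, only needed if NAT-T is in use
 permit udp host 203.0.113.2 host 198.51.100.1 eq non500-isakmp
 remark ESP from the VPN peer
 permit esp host 203.0.113.2 host 198.51.100.1
 deny   ip any any log
!
! --- Extra lines needed on code where the ACL is processed twice ---
! After decryption the inner packet (remote LAN -> local LAN) hits
! OUTSIDE-IN again, so without this permit it is dropped by the deny.
ip access-list extended OUTSIDE-IN
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Apply the ACL inbound on the outside interface (assumed interface name)
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group OUTSIDE-IN in
 crypto map VPN
```

With the second set of permits in place, the ACL is also acting as a filter on the decrypted traffic, which is the behaviour the follow-up question is asking whether it can be kept. A quick way to see which form a given IOS build needs is to apply only the first form and watch `show access-lists OUTSIDE-IN` and the log from the `deny ip any any log` entry while sending traffic from the remote LAN: decrypted packets being counted and logged against the deny means the ACL is being processed twice.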
03-23-2004 06:57 AM
Hey Glenn,
I am not sure that this is a good thing ;)
Do you know if it will be possible to still use ACLs as a filter for the VPN traffic by somehow disabling this "fix" in 12.3 code?