Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does permit ip any any also include GRE and ESP traffic?

Dear friends,

When i say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic                   

Thanks a lot

Gautam

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: Does permit ip any any also include GRE and ESP traffic?

gautamzone wrote:

Dear friends,

When i say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic                   

Thanks a lot

Gautam

Gautam

No it doesn't. IP includes TCP/UDP/ICMP but GRE and ESP have their own protocol numbers at the IP layer.

Jon

Cisco Employee

Re: Does permit ip any any also include GRE and ESP traffic?

GRE is ip protocol 47 and ESP is ip protocol 50 so, you acl should be

access-list blah permit 47 any any

access-l blah permit 50 any any

access-list blah permit ip any any

-KS

3 REPLIES
Hall of Fame Super Blue

Re: Does permit ip any any also include GRE and ESP traffic?

gautamzone wrote:

Dear friends,

When i say on the ASA, access-list xyz extended permit ip any any, does it also include GRE and ESP traffic                   

Thanks a lot

Gautam

Gautam

No it doesn't. IP includes TCP/UDP/ICMP but GRE and ESP have their own protocol numbers at the IP layer.

Jon

Cisco Employee

Re: Does permit ip any any also include GRE and ESP traffic?

GRE is ip protocol 47 and ESP is ip protocol 50 so, you acl should be

access-list blah permit 47 any any

access-l blah permit 50 any any

access-list blah permit ip any any

-KS

New Member

Re: Does permit ip any any also include GRE and ESP traffic?

Thanks a lot Jon and kushankar for the help.

8928
Views
0
Helpful
3
Replies
CreatePlease to create content