Has anyone had issues where guest users would come into your company network to VPN out to their own company network but is not able because the return traffic back to that user comes back as ESP instead of IP?
I'm wondering if there is a more graceful way of resolving this issue besides permitting ESP for any source on the outside network to the inside network.
Is there a way that the FWSM will allow only particular return ESP traffic based on previous outbound IPsec VPN tunnel negotiation attempts?
When looking at the options for protocols when configuring ACLs, I noticed that one of the protocols was IPSec. For example, access-list [word] extended permit [protocol], where one of the options for protocol was IPSEC. In what situation would this be used? Can this be used to provide stateful inspection of outbound IPSec VPN tunnel negotiation attempts ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...