IOS Firewall - VPN question

Hello,

I have an integrated services C800 router connecting by VPN to the Central Office.  I would like to configure IOS Firewall on the C800 and I have a question.

Proposed configuration on the C800:

    interface Dialer0
     ip nat outside
     crypto map SK_MAP
     ip access-group 101 in

    interface Vlan10
     ip nat inside
     ip inspect myfw in

    access-list 101 permit udp host 200.1.1.1 any eq isakmp
    access-list 101 permit udp host 200.1.1.1 eq isakmp any
    access-list 101 permit esp host 200.1.1.1 any
    access-list 101 deny ip any any

    ip inspect name myfw http
    ip inspect name myfw https


Crypto map SK_MAP is set up so all traffic to the Central Office (172.16.0.9/12) goes through the VPN.  All other traffic goes directly to the internet.


My question: I want traffic going through the VPN between VLAN10 and the Central Office to flow freely and not be part of the stateful firewall. How can I do this?

 

1 REPLY

Hi,

 

VLAN 10 @ remote site to central office should flow freely? What do you mean by this... You do not want that to be through the VPN, or how is it?

 

Regards

Karthik
