
IOS Firewall - VPN question

donald.cook
Level 1

Hello,

I have an integrated services C800 router connecting by VPN to the Central Office.  I would like to configure IOS Firewall on the C800 and I have a question.

Proposed configuration on the C800:

    interface Dialer0
     ip nat outside
     crypto map SK_MAP
     ip access-group 101 in

    interface Vlan10
     ip nat inside
     ip inspect myfw in

    access-list 101 permit udp host 200.1.1.1 any eq isakmp
    access-list 101 permit udp host 200.1.1.1 eq isakmp any
    access-list 101 permit esp host 200.1.1.1 any
    access-list 101 deny ip any any

    ip inspect name myfw http
    ip inspect name myfw https


Crypto map SK_MAP is set up so all traffic to Central Office (172.16.0.9/12) goes through the VPN. All other traffic goes directly to the internet.


My question is: I want traffic going through the VPN between VLAN10 and the Central Office to flow freely and not be part of the stateful firewall. How can I do this?

 


nkarthikeyan
Level 7

Hi,

 

VLAN 10 at the remote site to the central office should flow freely? What do you mean by this? You do not want that to be through the VPN, or how is it?

 

Regards

Karthik
