Cisco Support Community
New Member

ipsec access-list question

Hello,

I was configuring an access-list on a FWSM and came across an option which I think might help me reduce the number of access-list statements.

access-list xxxxx extended permit ipsec a.a.a.a a.a.a.a

Could someone tell me if the ipsec option in the access-list dynamically allows all the ports associated with an ipsec connection, like ESP, udp 500 or udp 4500?

If not, then what will it allow?

We are having issues with ipsec-pass-through on the FWSM as it does not support the default inspect statement like an ASA.

Thanks,

Aqdas

2 REPLIES
New Member

Re: ipsec access-list question

That would only match ESP traffic.

Tanveer Dewan

tdeewan@cisco.com

New Member

Re: ipsec access-list question

Any particular reason why we would use ipsec, because protocol esp is also an option when configuring an access-list?
