
permit esp any any

How can I make the following more secure?:

access-list from_outside permit esp any any

We currently have it on our firewall and I know it's not the most secure. But I want to make sure our tunnels still work.

Thank you,

Thomas

Accepted Solutions

Re: permit esp any any

I assume you have this line applied on the outside interface. If that is the case, this line should be used to allow traffic from outside to the inside. If you have static NAT configured, you could permit ESP from known sources to the NAT'ed IPs.

If you don't have any NAT for inbound traffic then you don't need that ACL.

Sent from Cisco Technical Support iPhone App
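
The reply's suggestion (permit ESP only from known sources to the NAT'ed IPs) can be checked against a saved configuration. The following is an added example, not part of the original thread or any Cisco tool: it flags ESP permits that use `any` and builds the narrower entries. The sample config, the peer address `203.0.113.10` and the NAT'ed address `192.0.2.5` are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample config; all addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
access-list from_outside permit esp any any
access-list from_outside permit esp host 203.0.113.10 host 192.0.2.5
access-list from_outside permit tcp any host 192.0.2.5 eq 443
access-list from_outside extended permit esp any host 192.0.2.5
"""

# Matches ESP permit entries, with or without the 'extended' keyword.
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:extended\s+)?permit\s+esp\s+(?P<rest>.+)$"
)
WILDCARDS = {"any", "any4", "any6"}


def parse_endpoint(tokens):
    """Consume one address spec: a wildcard, 'host A', or 'A MASK'."""
    if not tokens:
        return "", []
    if tokens[0] in WILDCARDS:
        return tokens[0], tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]  # 'host A' and 'A MASK' are two tokens


def find_broad_esp(config):
    """Return (line_no, acl_name, src, dst) for ESP permits with a wildcard end."""
    findings = []
    for line_no, line in enumerate(config.splitlines(), 1):
        match = ACL_RE.match(line.strip())
        if not match:
            continue
        src, remaining = parse_endpoint(match.group("rest").split())
        dst, _ = parse_endpoint(remaining)
        if src in WILDCARDS or dst in WILDCARDS:
            findings.append((line_no, match.group("name"), src, dst))
    return findings


def tightened_entries(acl_name, peers, nat_ips):
    """One 'permit esp host PEER host NAT_IP' line per peer / NAT'ed address pair."""
    return [
        f"access-list {acl_name} permit esp host {peer} host {nat_ip}"
        for peer in peers
        for nat_ip in nat_ips
    ]


if __name__ == "__main__":
    for finding in find_broad_esp(SAMPLE_CONFIG):
        print("broad ESP permit:", finding)
    print("\n".join(tightened_entries("from_outside", ["203.0.113.10"], ["192.0.2.5"])))
```

Add the generated entries and confirm the tunnels still come up before removing the `any any` line.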
