I have set up an IPSec tunnel between 2 routers... both WANs are in different segments. So far this is OK, but I want to block any outgoing traffic that is NOT included in the ACL for the IPSec tunnel... for this I set up an ACL on the WAN interface of Router 1 (type: out)... but when I tried to ping R2 from the R1 LAN (not encrypted domain host) I can still reach R2 or even SSH to it.
Any suggestions? I know the problem is in the ACL... but I don't know how to correct it.
Yes, I'm sure... because it is not in the ACL that allows the IPSEC-TRAFFIC... and also the tunnel is UP, so I don't know what more info about the tunnel can be useful... other than that I use "match address IPSEC-TRAFFIC".