Cisco Support Community

Protocol Filtering

Hi. How could I enable or disable protocol filtering in a router? If for example I wish to disable vpn esp protocol 500, what is the syntax?

Thanks in advance.

2 REPLIES

Re: Protocol Filtering

Hi Mark,

You can use access-lists for protocol filtering.

For blocking IPsec vpn traffic it may look like this:

access-list 100 deny udp any 500 any 500

access-list 100 deny esp any any

access-list 100 permit ip any any

The 1st line blocks any isakmp traffic.

The 2nd line blocks any ipsec esp protocol traffic.

The 3rd line allows any other ip traffic.

Cheers:

Istvan

Re: Protocol Filtering

Hi Mark,

Sorry, probably I was sleeping when I posted my previous message :).

The first line should be like this:

access-list 100 deny udp any eq 500 any eq 500

or

access-list 100 deny udp any eq isakmp any eq isakmp

Thanks:

Istvan
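
Added example (not part of the original posts, and not Cisco code): a small Python model of how the corrected three-line ACL is evaluated top-down, showing which line each packet hits. The parser is a simplified assumption that handles only the `any` / `eq <port>` forms used in this thread, and the sample packets are constructed.

```python
import re

# ACL from the thread, using the corrected first line from the second reply.
ACL = """\
access-list 100 deny udp any eq isakmp any eq isakmp
access-list 100 deny esp any any
access-list 100 permit ip any any
"""

PORT_NAMES = {"isakmp": 500}  # IOS keyword for UDP port 500

# Simplified grammar (assumption): only "any" addresses and optional "eq <port>".
LINE_RE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(\S+)"
    r"\s+any(?:\s+eq\s+(\S+))?\s+any(?:\s+eq\s+(\S+))?\s*$"
)

def _port(token):
    if token is None:
        return None
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def parse_acl(text):
    """Return a list of (action, proto, sport, dport); ValueError on bad syntax."""
    rules = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"cannot parse: {line!r}")
        action, proto, sport, dport = m.groups()
        rules.append((action, proto, _port(sport), _port(dport)))
    return rules

def evaluate(rules, proto, sport=None, dport=None):
    """First matching line wins; no match falls to the implicit deny (line None)."""
    for n, (action, r_proto, r_sport, r_dport) in enumerate(rules, start=1):
        if r_proto not in ("ip", proto):
            continue
        if r_sport is not None and r_sport != sport:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action, n
    return "deny", None

if __name__ == "__main__":
    rules = parse_acl(ACL)
    # Constructed sample packets: (protocol, source port, destination port).
    for pkt in [("udp", 500, 500), ("esp", None, None),
                ("tcp", 40000, 443), ("udp", 1024, 500)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

The first line matches only when both the source and destination ports are 500, so a UDP packet with any other source port is evaluated against the later lines; without the final `permit ip any any`, everything unmatched is dropped by the implicit deny.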
