857 permit IP acl with VPN

My firewall is set up with CBAC on the LAN-to-public interface and ACLs inbound from public to LAN. When Cisco VPN clients connect outbound, they authenticate and register fine, but only when a permit ip ACL from the secure host allows me to route. When testing, I created UDP and TCP range ACLs to match in order to get some idea of where the packets were coming from; however, there were no matches. Can anyone suggest how I can limit inbound IPsec rather than using a permit ip?

1 REPLY

Re: 857 permit IP acl with VPN

Your ACL can reference just ESP and UDP/500.

access-list 101 permit esp any any

access-list 101 permit udp any any eq isakmp

If you're allowing clients on the inside out, you can try this instead of adding the above to your public ACL.

ip inspect name FW isakmp

HTH,

John

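The following is an added IOS configuration example illustrating the reply above in context; it is not from the original thread or from Cisco. It assumes the public interface is Dialer0 with address 203.0.113.1 (a documentation address used as a placeholder), names the ACL PUBLIC_IN, and also allows UDP/4500 (NAT-T) on the assumption that some clients sit behind NAT.

```cisco
! Added example (not from the thread): tighten the public-facing ACL so that
! only the IPsec control and data protocols reach the router itself.
! 203.0.113.1 is a placeholder for the router's real public address.
ip access-list extended PUBLIC_IN
 ! IKE negotiation (UDP/500) to the router only
 permit udp any host 203.0.113.1 eq isakmp
 ! NAT-T encapsulated IKE/ESP (UDP/4500); assumption: clients may be behind NAT
 permit udp any host 203.0.113.1 eq non500-isakmp
 ! ESP data traffic to the router only, instead of "permit ip any any"
 permit esp any host 203.0.113.1
 ! Log everything else that is dropped, which makes testing far easier
 ! than the unmatched TCP/UDP range entries described in the question
 deny ip any any log

! CBAC: inspect outbound sessions so that return traffic is admitted
! dynamically; isakmp inspection removes the need to open UDP/500
! statically when the VPN is initiated from the inside.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW isakmp

interface Dialer0
 ip access-group PUBLIC_IN in
 ip inspect FW out
```

Verify with `show access-list PUBLIC_IN` (hit counters on the isakmp and esp lines) and `show ip inspect sessions` while a client connects.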