I have a Cisco 831 with router to router VPN's configured. I have an access list and firewall applied to the ethernet 0 interface. I need traffic from the remote VPN sites to be able to initiate a connection to nodes on the LAN side (ethernet 0) of this router. Do I need to add a permit to the access list applied to the ethernet 0 interface to allow the traffic from the LAN IP's of the remote networks or is VPN traffic automatically allowed based on the access list applied to the crypto map?
Second, if I need to add the permit to the ethernet 0 access list, will this work:
access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
or do I have to specify all 3 octets of the destination networks individually?
access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.58.0 0.0.0.255
OK, thanks. I was afraid of that but wasn't sure. Do I need to add rules to the access list on the ethernet 0 interface to let the traffic from the VPN remote sites pass or does the "match address" access list associated with the crypto maps take care of it?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...