Configuring site-to-site VPN on 2821. Remote endpoint is 7206. On 2821, have 2 active interfaces, serial facing the ISP and Ethernet facing LAN. Tunnel endpoint on 2821 is terminating on LAN facing Ethernet interface. Question is this, do I need to create inbound ACLs on 2821 serial interface permitting those networks transiting the tunnel into the 2821 or can I just permit the remote endpoint's IP address? Thanks in advance.
You have given a good explanation about the function of ACL in controlling IPSec VPN and identifying traffic to be protected by the VPN. But as I read the original post I am not sure that is what was being asked about. I believe that the original question wants to know that if an access list is being configured inbound on the serial interface what does it need to permit for the VPN to work. In particular I think it wants to know whether the source and destination networks (LANs) need to be permitted or just the peer address. If that is the correct understanding then the answer is just the IPSec peer addresses need to be specified in the inbound ACL.
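An inbound ACL of the kind discussed above, as an added example that is not part of the original thread. The addresses (documentation ranges), the ACL name `OUTSIDE-IN` and the interface name `Serial0/0/0` are placeholders, and the NAT-T line is only needed if a NAT device sits between the peers:

```cisco
! Placeholder addresses: 198.51.100.1 = remote 7206 peer,
!                        192.0.2.1    = local 2821 tunnel endpoint
ip access-list extended OUTSIDE-IN
 ! IKE negotiation between the two peers (UDP 500)
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 ! IPSec data traffic (ESP, IP protocol 50)
 permit esp host 198.51.100.1 host 192.0.2.1
 ! Only if NAT traversal is in use (UDP 4500)
 permit udp host 198.51.100.1 host 192.0.2.1 eq non500-isakmp
 ! Log everything else so dropped tunnel traffic is visible
 deny ip any any log
!
interface Serial0/0/0
 ip access-group OUTSIDE-IN in
```

After applying it, `show access-lists OUTSIDE-IN` shows per-line hit counters, which confirms whether IKE and ESP packets from the peer are matching the permit entries or falling through to the deny.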
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: