Cisco Support Community

New Member

IPSEC subject to access-list

On a PIX you can issue the sysopt permit-ipsec so that IPsec traffic is not subject to the outside access-list.

Is there a similar command for a router running IPsec? I'm terminating an IPsec tunnel on the outside interface of a router connected to the internet.

If there isn't, and someone spoofed one of my private addresses on the outside, would it be dropped because it's not "IPSEC"?

1 REPLY
New Member

Re: IPSEC subject to access-list

Not that I know of.

We had a similar issue, and ended up having to add additional ACL rules to the top of the ACL to allow VPN setup, UDP 500 (IKE), and the traffic after it is unwrapped from the VPN.
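
Added example, not part of the original posts: a sketch of the ACL entries the reply describes, placed at the top of the inbound ACL on the outside interface. The peer and LAN addresses, the ACL name and the interface name are all assumptions, and the ESP entry is an addition the reply does not list.

```cisco
! Constructed example. All addresses and names are assumptions:
!   198.51.100.1   router outside interface (tunnel endpoint)
!   203.0.113.2    remote IPsec peer
!   10.1.0.0/24    local private LAN
!   10.2.0.0/24    remote private LAN behind the peer
ip access-list extended OUTSIDE-IN
 remark IKE negotiation from the known peer only (UDP 500)
 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
 remark ESP (IP protocol 50) carries the encrypted tunnel payload
 permit esp host 203.0.113.2 host 198.51.100.1
 remark Traffic after it is unwrapped: remote LAN to local LAN
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 remark Existing outside ACL entries continue below this point
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
```

The entry for unwrapped traffic matches on source and destination addresses only, so the ACL by itself cannot tell a decrypted packet from a cleartext packet carrying the same private addresses. Scoping the IKE and ESP entries to the known peer keeps the rest of the outside ACL from being opened to arbitrary sources.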
