cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1064
Views
0
Helpful
2
Replies

Site-to-Site VPN using IPSEC

c.albrisi
Level 1
Level 1

Hi everybody,

I want to build a VPN between two sites, they are using two IOS router ( 2610 ) connected to Internet using a leased line both are equipped actually with IOS Firewall, with also an inbound access-list and CBAC. The access-list deny anything that is not originated from inside.

I know that I have to permit AHP and ESP + UDP 500. But what will happen to incoming telnet encrypted traffic, for example, it will be evaluated against the existing access-list or not ?

2 Replies 2

cdbush
Level 1
Level 1

Not if it's inside the IPSEC tunnel. IPSEC will put it's own headers on the packet and they will be removed after the packet has been authenticated at the far end router. The original packet with original header will then be forwarded to the inside of your network.

jbohla
Level 1
Level 1

It really depends on how your acl is written. Once you allow the inbound for encryption, the rest of the acl should still deny other inbound traffic. I started off by looking at the config examples on the TAC pages but be sure to test them first.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: