10-25-2000 02:42 AM - edited 02-21-2020 11:14 AM
Hi everybody,
I want to build a VPN between two sites. They are using two IOS routers (2610) connected to the Internet over a leased line; both are currently equipped with IOS Firewall, with an inbound access-list and CBAC. The access-list denies anything that is not originated from inside.
I know that I have to permit AHP and ESP + UDP 500. But what will happen to incoming encrypted telnet traffic, for example: will it be evaluated against the existing access-list or not?
10-30-2000 01:40 PM
Not if it's inside the IPSEC tunnel. IPSEC will put its own headers on the packet and they will be removed after the packet has been authenticated at the far-end router. The original packet with the original header will then be forwarded to the inside of your network.
10-31-2000 01:06 PM
It really depends on how your ACL is written. Once you allow the inbound traffic for encryption, the rest of the ACL should still deny other inbound traffic. I started off by looking at the config examples on the TAC pages, but be sure to test them first.
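To make the two replies concrete, here is an added IOS configuration sketch for one of the two routers; it is not from either poster or from a Cisco document. The peer addresses, LAN prefixes, interface name, ACL name, inspect name and pre-shared key are all constructed placeholders. The inbound ACL permits only ISAKMP (UDP 500), ESP and AH, and only from the known peer, so the tunnel can come up while everything else from the Internet is still denied; CBAC then opens return paths for sessions started from inside. The extra `permit ip` line for the remote LAN is the caveat a practitioner wants: on IOS trains that evaluate the decrypted packet against the inbound ACL a second time, clear-text traffic from the far site is dropped unless the ACL also permits it, so leave that line in, or remove it and confirm with `show access-lists` and `show crypto ipsec sa` that the decrypted traffic is actually being forwarded on your release.

```cisco
! Added example, not from the thread. Constructed addressing:
!   this router's outside address 203.0.113.1, peer 198.51.100.1
!   local LAN 10.1.0.0/24, remote LAN 10.2.0.0/24
!
! IKE phase 1 and IPsec phase 2 parameters (pre-shared key is a placeholder)
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key REPLACE-WITH-STRONG-KEY address 198.51.100.1
!
crypto ipsec transform-set SITE-TS esp-3des esp-sha-hmac
!
! "Interesting traffic": only LAN-to-LAN flows are encrypted
ip access-list extended CRYPTO-LAN-TO-LAN
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map SITE-TO-SITE 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set SITE-TS
 match address CRYPTO-LAN-TO-LAN
!
! Inbound ACL on the outside interface: IPsec protocols from the named peer only,
! everything else from the Internet is denied (CBAC adds return entries dynamically)
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.1 host 203.0.113.1 eq isakmp
 permit esp host 198.51.100.1 host 203.0.113.1
 permit ahp host 198.51.100.1 host 203.0.113.1
 ! Only needed where the decrypted packet is re-checked against this ACL
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny ip any any log
!
! CBAC: inspect sessions leaving the outside interface so their replies are admitted
ip inspect name FW-INSPECT tcp
ip inspect name FW-INSPECT udp
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect FW-INSPECT out
 crypto map SITE-TO-SITE
```

The crypto ACL and the inbound ACL serve different purposes and should be kept separate: the crypto ACL decides what gets encrypted, the interface ACL decides what the router accepts from the wire. Restricting the ISAKMP/ESP/AH permits to the peer's address, rather than `any`, keeps unknown hosts from even starting an IKE negotiation with the router, and the final `deny ip any any log` gives CBAC and the ACL counters something to show when a flow is unexpectedly dropped. The second router mirrors this configuration with the addresses swapped.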