Cisco Support Community

New Member

Site-to-Site VPN using IPSEC

Hi everybody,

I want to build a VPN between two sites. They are using two IOS routers (2610) connected to the Internet using a leased line; both are actually equipped with IOS Firewall, along with an inbound access-list and CBAC. The access-list denies anything that is not originated from inside.

I know that I have to permit AHP and ESP + UDP 500. But what will happen to incoming encrypted telnet traffic, for example: will it be evaluated against the existing access-list or not?

2 REPLIES
New Member

Re: Site-to-Site VPN using IPSEC

Not if it's inside the IPSEC tunnel. IPSEC will put its own headers on the packet and they will be removed after the packet has been authenticated at the far-end router. The original packet with its original header will then be forwarded to the inside of your network.

New Member

Re: Site-to-Site VPN using IPSEC

It really depends on how your ACL is written. Once you allow the inbound for encryption, the rest of the ACL should still deny other inbound traffic. I started off by looking at the config examples on the TAC pages, but be sure to test them first.
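
An inbound ACL of the kind discussed in this thread, as an added example that is not part of the original posts or taken from the TAC pages. All addresses, the ACL name and the interface name are constructed placeholders: 192.0.2.1 is the local outside address, 198.51.100.1 the remote peer, 10.1.1.0/24 the local LAN and 10.2.2.0/24 the remote LAN.

```cisco
! Added example with constructed addresses and names; adapt and test before use.
ip access-list extended OUTSIDE-IN
 remark IKE and IPsec are accepted from the known peer only, never from "any"
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 permit ahp host 198.51.100.1 host 192.0.2.1
 remark Assumption: needed only if this IOS release checks the decrypted
 remark packet against the interface ACL a second time
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 remark Everything else unsolicited is still dropped and logged;
 remark CBAC return traffic is handled by its temporary entries
 deny ip any any log
!
interface Serial0/0
 ip access-group OUTSIDE-IN in
```

Whether the decrypted telnet packet is matched against this list depends on the IOS release, so send test traffic through the tunnel and watch the hit counters in `show access-lists OUTSIDE-IN` before relying on either behaviour.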
