Okay, so I have two PIX devices connected with a site2site VPN tunnel. The crypto map is applied to the outside interfaces.
There are also ACLs blocking certain traffic applied 'in' the outside DMZ interface.
Is traffic from PIX B's internal network subject to the ACLs on PIX A's outside ACL? Or does being a member of the VPN tunnel bypass this outside ACL? What ACLs does PIX B's internal network traffic go through to get to PIX A's internal network?
Re: What ACLs is VPN traffic subject to on a PIX?
Okay, doing more research... if the 'sysopt connection permit ipsec' command is enabled, then any VPN traffic is permitted to flow from PIX-B's inside interface to PIX-A's inside interface and bypass all ACLs.
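
An added configuration sketch, not taken from either post, showing the two behaviours on PIX-A side by side. It assumes PIX 6.x syntax, where the command is written `sysopt connection permit-ipsec`; the ACL name `outside_in`, the subnets and the host address are constructed for illustration.

```cisco
! Constructed addressing (assumption, not from the thread):
!   PIX-A inside network 10.1.1.0/24, PIX-B inside network 10.2.2.0/24
! Use one variant or the other on PIX-A.

! --- Variant 1: tunnel traffic bypasses interface ACLs -------------------
! Decrypted packets arriving through the tunnel are not checked against
! the ACL bound to the outside interface. Only the crypto map's match ACL
! limits which hosts on PIX-B's network can reach PIX-A's inside network.
sysopt connection permit-ipsec

! --- Variant 2: tunnel traffic is filtered by the outside ACL -------------
! With the sysopt removed, decrypted packets are checked against the
! outside ACL using their inner (post-decryption) addresses, so each
! permitted flow from PIX-B's inside network must be listed explicitly.
no sysopt connection permit-ipsec
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq 443
access-list outside_in deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-group outside_in in interface outside

! --- Check which variant is active ----------------------------------------
show sysopt
show access-list outside_in
```

The hit counters in `show access-list` increase in Variant 2 when tunnel traffic matches an entry, which confirms the outside ACL is being consulted.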