VPN traffic need specific ACLs?

Michael Bradt
Level 1

I'm having an issue with DCs replicating and wanted to rule out the ASAs each are using for the VPN tunnels. 

Once the VPN is established, does traffic still need an any any ip ACL to allow any and all inside traffic between these two subnets?

This is between a 5510 and 5505.

Accepted Solutions

Lee Valentin
Level 1

No, the any any is not required. The traffic that is configured for VPN is only interesting traffic designated to be encrypted. All other traffic is not encrypted and therefore does not pass through this tunnel.

If you feel the ASA is causing an issue and you control the devices on either side, you can capture the traffic and export to .pcap to Wireshark for analysis.

Good luck
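
Added example, not part of the original posts: one way to run the capture-and-export check suggested above on each ASA, along with the commands that show whether tunneled traffic is subject to interface ACLs at all (`sysopt connection permit-vpn`, the ASA default, lets decrypted tunnel traffic bypass them). The subnets, host addresses, port, TFTP server and capture name are constructed placeholders, and the interface is assumed to be named `inside`.

```cisco
! Constructed values (replace with your own):
!   10.1.1.0/24 = local inside subnet, 10.2.2.0/24 = remote inside subnet
!   192.0.2.10  = TFTP server reachable from the ASA, CAP_IN = capture name

! 1. Check whether VPN traffic bypasses interface ACLs.
!    "sysopt connection permit-vpn" is the default; if it shows as
!    "no sysopt connection permit-vpn", the interface ACL must permit the flows.
show running-config all sysopt | include permit-vpn

! 2. Confirm the tunnel carries packets in both directions.
!    Encaps rising with decaps flat (or the reverse) points at one side.
show crypto ipsec sa

! 3. Simulate one flow from a local host to a remote host and see which
!    phase (ACL, NAT, VPN) allows or drops it. TCP 135 is a sample port.
packet-tracer input inside tcp 10.1.1.10 49152 10.2.2.10 135 detailed

! 4. Capture traffic between the two subnets on the inside interface.
capture CAP_IN interface inside match ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
show capture CAP_IN

! 5. Export the capture as pcap for Wireshark, then remove it.
copy /pcap capture:CAP_IN tftp://192.0.2.10/cap_in.pcap
no capture CAP_IN
```

Running the same capture on both ASAs with the subnets swapped shows on which side packets stop appearing.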
