Cisco Support Community
New Member

VPN traffic need specific ACLs?

I'm having an issue with DCs replicating and wanted to rule out the ASAs each are using for the VPN tunnels. 

Once the VPN is established, does traffic still need an any any ip ACL to allow any and all inside traffic between these two subnets?

This is between a 5510 and 5505.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

No, the any any is not

No, the any any is not required. The traffic that is configured for VPN is only interesting traffic designated to be encrypted. All other traffic is not encrypted and therefore does not pass through this tunnel.

If you feel the ASA is causing an issue and you control the devices on either side, you can capture the traffic and export it to .pcap for analysis in Wireshark.

Good luck
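As an added illustration (not configuration from the thread), here is what the accepted answer describes on an ASA: a crypto ACL that defines the interesting traffic between two assumed subnets, the crypto map entry that references it, and the checks you would run before blaming the firewall for DC replication trouble. All subnets, names, the peer and the TFTP address are placeholders.

```cisco
! Added illustration, not the poster's configuration. Subnets, names and the
! peer address are made up: local LAN 10.1.0.0/24, remote LAN 10.2.0.0/24.

! Interesting traffic: only flows matching this ACL are encrypted and sent
! through the tunnel. Everything else is routed normally, as the answer says.
access-list VPN_TO_SITEB extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Exempt the tunnel traffic from NAT so the private addresses on both sides
! still match the crypto ACL (pre-8.3 syntax; 8.3+ uses an object-based nat rule).
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Crypto map entry: "match address" binds the ACL above to this peer.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITEB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Default setting: decrypted VPN traffic bypasses the interface ACLs.
! Only if someone has turned this off does an explicit ACL permit become necessary.
sysopt connection permit-vpn

! Check 1: does a replication flow from DC-A to DC-B (RPC endpoint mapper, tcp/135)
! reach the VPN ENCRYPT phase, or is it dropped earlier? packet-tracer shows each phase.
packet-tracer input inside tcp 10.1.0.10 1025 10.2.0.10 135

! Check 2: do the encaps/decaps counters for this peer exist and increase on both ASAs?
show crypto ipsec sa peer 203.0.113.2

! Check 3: capture what actually arrives on the inside interface, then pull it off
! the box as a pcap for Wireshark, as the accepted answer suggests.
capture DCREPL interface inside match ip host 10.1.0.10 host 10.2.0.10
copy /pcap capture:DCREPL tftp://192.0.2.50/dcrepl.pcap
```

If packet-tracer ends in VPN ENCRYPT and the SA counters climb on both ends while the capture shows the replies, the ASAs are passing the traffic and the problem lies on the DCs or the path behind them.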
