If we have a LAN-to-LAN VPN between two Cisco firewalls and have allowed the service as IP (IPsec tunnel), do we need an individual access-list in the security policy? (I had a similar case where I had to put in an entry in the security policy for port 16000 between the two subnets used on the LAN-to-LAN firewalls.)
I was under the impression that the security policy applies only to non-VPN traffic, and that for VPN traffic we need to specify it on the IPsec tunnel (under the Service tab).
Your question is not very clear to me. However, if you mean that you need an extra ACL for the VPN, then the answer is yes: you need to call an ACL for crypto as well as for NAT exempt while configuring a site-to-site VPN.
Yep, apart from the ACL (that is encrypted in the tunnel), do we need any extra ACL to allow access to the specific ports? (Please note that in the extended ACL for the VPN I have allowed IP traffic, which means all traffic.) But I have had to put in an extra ACL apart from the first one and mention the port numbers. Not sure why. (I thought the ACLs in the security policy tab are needed only for non-VPN traffic.)
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: