I have a few remote sites with different configurations, but to start with, I'd like to use a remote site where there is only one single device on the perimeter and this device does the NAT so all inside hosts can properly connect to the internet using the overloaded public IP address of the router's outside interface.
The headquarters has a Cisco Router 2800 Series. The security is tight, so ANY on the ACLs is avoided as much as possible. Plus, the remote site has a static public IP.
What are the exact ACLs that have to be applied on the outside interface of the HQ router in order to allow the remote office to create a Site-to-Site tunnel? Either end of the tunnel can initiate traffic to bring up the tunnel.
I am always confused with 3 ACLs when applying them to the outside interface of a router which will participate in these types of tunnels:
access-list 101 permit esp any host 220.127.116.11
access-list 101 permit udp any host 18.104.22.168 eq isakmp
access-list 101 permit udp any host 22.214.171.124 eq non500-isakmp
In this scenario, which ACL is really needed on the outside interface of the HQ router?
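An added example, not part of the original post: the same three entries scoped to one known peer instead of `any`, which the remote site's static public IP makes possible. Both addresses are placeholders from the documentation ranges, and the note on the third entry assumes that no NAT device sits between the two tunnel endpoints.

```cisco
! Placeholder addresses (constructed for this example, not from the post):
!   203.0.113.10 = remote site's static public IP (the tunnel peer)
!   198.51.100.1 = HQ router outside interface IP
!
! IKE / ISAKMP negotiation (UDP 500). Required so either end can
! bring the tunnel up.
access-list 101 permit udp host 203.0.113.10 host 198.51.100.1 eq isakmp
!
! IPsec data plane: ESP is IP protocol 50 and has no port numbers.
! Required once the tunnel is established.
access-list 101 permit esp host 203.0.113.10 host 198.51.100.1
!
! NAT-Traversal (UDP 4500). The peers switch to it only when IKE detects
! NAT in the path between them. Here the remote router terminates the
! tunnel on its own public address, so under the assumption above this
! entry can be left out.
access-list 101 permit udp host 203.0.113.10 host 198.51.100.1 eq non500-isakmp
```

After the tunnel is up, `show access-lists 101` shows per-entry match counters, which indicates which of these entries the peer actually uses.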