Cisco Support Community

ASA "route inside 0 0 192.168.1.1 tunneled" interface ACL question

Hi,

Quick question around the "route inside 0.0.0.0 0.0.0.0 192.168.1.2 tunneled" command.

Do you need to add any u-turn traffic to the inside interface's ACL (e.g. Internet-bound HTTP traffic), or does "same-security-traffic permit intra-interface" negate the need for this?

So if my remote VPN site on the outside is 10.1.1.0/24, do I need to add incoming permit statements for 10.1.1.0/24 on my inside interface?

Thanks

1 ACCEPTED SOLUTION


"same-security-traffic permit intra-interface" allows ingress-then-egress traffic on a single interface.

An incoming permit 10.1.1.0/24 statement in the ACL allows (egress-then-)ingress traffic on a single interface, but you need to disable the RPF check.
