thus trying to enable only one protocol (www) over the vpn tunnel. but when i do this, then the tunnel is not made. it only works when i do a permit IP, any attempt of filtering results in no vpn tunnel.
is this normal?, is there a way arround it? i tried searching many forums but dont really saw anyone with this problem.
and also use only permit IP.
this vpn tunnel is with a third party and i would like to block traffic from them and or only enable traffic from us over a certain port.
any help on this is greatly appriciated. i have been pulling my hairs out for a couple of days now.
these document reffere to IOS 12.4.x this version supports these commands on a crypto map. in the past i think you needed to open the ports on the outside interface. on 12.4.x this is not needed anymore.
crypto map (name) 1 ipsec-isakmp
set ip access-group (address1-in) in
set ip access-group (address1-out) out
normaly you would have:
ip access-list extended (address1)
permit local.mask remote/mask
and now you can add filtering before the ipsec tunnel with the above named access-group commands on the cryptomap for your vpn
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...