Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
3
Replies

Help with Access list and encrypted trafic

Ayad
Level 1
Level 1

‎11-17-2010 05:17 AM

Dear all,

Can someone let me know witch trafic is authorized with the following access list (under my wan interface) :

access-list 177 permit udp any eq non500-isakmp any eq non500-isakmp

Thanks and regards,

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-17-2010 05:55 AM

Hi,

The ACL is allowing UDP 4500 which is used for NAT-T.

The router shows it as non-500 meaning that ESP traffic is encapsulated in NAT-T.

Hope it helps.

Federico.

0 Helpful

Ayad
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-17-2010 07:05 AM

In this case, my HTTPS trafic origine from LAN will be passed or not ?

Thanks,

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Ayad

‎11-17-2010 07:09 AM

If you HTTPS traffic will go through the IPsec tunnel, it will pass (all IP traffic will)...

But if the HTTPS traffic will not go through the tunnel, then you need to permit that traffic in the ACL.

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents