Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

how packet is forwarded in IPSec

Guys suppose we have a third party and we have an IPSec between each other ......one of my server say 10.1.1.1 has to connect to 192.168.1.100 server at third party on particular port say ldap.

So I will create a crypto acl ( other words to match interesting traffic )

My question is that how firewall route the traffic to 192 as it has no knowledge abt 192 address ..second question is how can we do port restriction

Thanks

Sent from Cisco Technical Support iPad App

1 REPLY
VIP Purple

how packet is forwarded in IPSec

My question is that how firewall route the traffic to 192 as it has no knowledge abt 192 address

you nmeed to have a static route for that remote network out of your outside interface. If you have a default-route, that's also fine.

second question is how can we do port restriction

Which device do you have? If it's an ASA then you can put an ACL into the tunnel, but that's not very comfortable for site-2-site-VPNs. You can also decide to filter the trafic the legacy way where you permit the traffic in the outside ACL.

You can also restrict the crypto-acl to your exact definition. But keep in mind that the ACL has to be mirrored on the other side and dynamic protocols like FTP won't work with that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

197
Views
0
Helpful
1
Replies
CreatePlease to create content