I have configured our VPN router for access for all our mobile clients. Our private VPN range is going to be 172.16.10.x/24. Do I need to add ACL permit rules for this range on our inbound ACL to all the inside LANs to facilitate access for the VPN users?
e.g.
int S0/0/0
 ip address 85.x.x.x
 ip access-group 100 in
access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
If I understand things correctly, once the user connects, the VPN is tunnelled as far as the inside of the interface, so traffic passing through the VPN is encapsulated and hence wouldn't appear as a private IP?