Cisco Support Community

New Member

Inbound ACL for public VPN router

Hi all,

I have configured our VPN router for access for all our mobile clients. Our private VPN range is going to be 172.16.10.x/24. Do I need to add ACL permit rules for this range on our inbound ACL to all the inside LANs to facilitate access for the VPN users?

e.g.

    int S0/0/0
     ip address 85.x.x.x
     ip access-group 100 in
    access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255

If I understand things correctly, once the user connects, the VPN is tunnelled as far as the inside of the interface, so traffic passing through the VPN is encapsulated and hence wouldn't appear as a private IP?

All comments are greatly appreciated.

Paul

1 ACCEPTED SOLUTION

Accepted Solutions

Inbound ACL for public VPN router

Sorry, I mean to say you should not edit the outside ACL for VPN traffic; for the rest of the things you can do it.

Thanks

Ajay

4 REPLIES

Inbound ACL for public VPN router

ACL on outside interface is not required.

Thanks

Ajay

New Member

Inbound ACL for public VPN router

The ACL is already in place as it controls access to the rest of the site. There is no separate firewall.

Thanks.

Inbound ACL for public VPN router

Sorry, I mean to say you should not edit the outside ACL for VPN traffic; for the rest of the things you can do it.

Thanks

Ajay

New Member

Inbound ACL for public VPN router

Thanks for your help.
