792 Views | 0 Helpful | 5 Replies

IPSec tunnel problem using access-list

ravshah
Level 1

I have an IPSec tunnel between my home router, which is a Cisco 2621, and a Cisco 7200 at work. The IPSec tunnel works fine if the traffic originates from my home LAN segment towards my work. On the Cisco 7200 at work, I have an access-list "permit any to 10.1.1.0" to bring the tunnel up if a packet is destined for my home network, but it does not bring the tunnel up.

My question is: can I use the access-list "permit ip any to home_network" to bring the tunnel up?

5 Replies

d-garnett
Level 3

I usually just define the source and destination networks individually.

i.e.,

! 110 is an illustrative extended ACL number (100-199); the original post omitted the number
access-list 110 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255

Never had any trouble with it that way.

I don't know whether you can use "any", but I have never seen anyone else do it that way.
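As an added illustration that is not part of this thread, the check below models the practice d-garnett describes and the question asks about: Cisco IOS crypto access-lists on the two IPsec peers are expected to be mirror images of each other, and an entry with "any" as its source on one side has no mirror on a peer whose entry names both networks explicitly. The networks (10.1.1.0/24 for the home LAN, 10.1.2.0/24 for the work LAN), the ACL number 110 and the sample configs are constructed placeholders, not taken from the posters' routers.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class CryptoAce:
    """One 'permit ip SRC DST' entry of an IOS crypto access-list."""

    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def mirror(self) -> "CryptoAce":
        """The entry the remote peer must carry for this one to be mirrored."""
        return CryptoAce(src=self.dst, dst=self.src)


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert an IOS 'address wildcard' pair (0.0.0.255 -> /24) into a network."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    if mask and (mask | (mask - 1)) != 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask {wildcard} is not supported")
    prefix = bin(mask).count("1")
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def _take_operand(tokens: list[str]) -> tuple[ipaddress.IPv4Network, list[str]]:
    """Consume one ACL address operand: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    return _wildcard_to_network(tokens[0], tokens[1]), tokens[2:]


def parse_crypto_acl(config: str) -> list[CryptoAce]:
    """Parse the 'access-list N permit ip ...' lines of an IOS config snippet.

    Lines that are not permit-ip entries (comments, deny lines, other protocols)
    are skipped, since only permit entries select traffic for encryption.
    """
    aces: list[CryptoAce] = []
    for raw in config.splitlines():
        tokens = raw.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2:4] != ["permit", "ip"]:
            continue
        src, rest = _take_operand(tokens[4:])
        dst, _ = _take_operand(rest)
        aces.append(CryptoAce(src, dst))
    return aces


def unmirrored_entries(local: list[CryptoAce], peer: list[CryptoAce]) -> list[CryptoAce]:
    """Return the local entries for which the peer has no mirror-image entry."""
    peer_set = set(peer)
    return [ace for ace in local if ace.mirror() not in peer_set]


def uses_any(aces: list[CryptoAce]) -> list[CryptoAce]:
    """Return entries that use 'any' (a /0) as source or destination."""
    return [ace for ace in aces if ace.src.prefixlen == 0 or ace.dst.prefixlen == 0]


def check_pair(local_cfg: str, peer_cfg: str) -> dict[str, bool]:
    """Report whether two peers' crypto ACLs mirror each other and whether either uses 'any'."""
    local, peer = parse_crypto_acl(local_cfg), parse_crypto_acl(peer_cfg)
    mirrored = not unmirrored_entries(local, peer) and not unmirrored_entries(peer, local)
    return {"mirrored": mirrored, "uses_any": bool(uses_any(local) or uses_any(peer))}


# Constructed sample configs (illustrative addresses, not the posters' real networks):
# 10.1.1.0/24 stands for the home LAN behind the 2621, 10.1.2.0/24 for the work LAN.
HOME_2621_ACL = """
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
"""

# Work side written the way the question describes: 'any' as the source.
WORK_7200_ANY_ACL = """
access-list 110 permit ip any 10.1.1.0 0.0.0.255
"""

# Work side written the way d-garnett suggests: explicit source and destination.
WORK_7200_SPECIFIC_ACL = """
access-list 110 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

if __name__ == "__main__":
    print("any-source ACL :", check_pair(HOME_2621_ACL, WORK_7200_ANY_ACL))
    print("specific ACL   :", check_pair(HOME_2621_ACL, WORK_7200_SPECIFIC_ACL))
```

The pair with "any" reports mirrored False: when the 7200 selects a packet under that entry, the proxy identities it proposes for the IPsec SA (0.0.0.0/0 to 10.1.1.0/24) do not correspond to any entry in the home router's crypto ACL, whereas the explicit pair mirrors cleanly. Running a check like this against both peers' configurations before troubleshooting on the routers saves a debug session.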

I see what you are saying, and it works that way if you know the source of the traffic. For instance, if you are coming from the Internet looking for my webserver, you will hit the Cisco 7200 at work, which has an IPSec tunnel over my DSL to my home LAN, which is publicly routable address space I got from work.

On the Cisco 7200, I have an access-list which basically says: if anything is destined towards my webserver or my class C, bring the IPSec tunnel up. But it does not bring the tunnel up.

cguinnin
Level 1

Do you have any NAT configured on your 2621 router at home?

jackko
Level 7

Have you implemented any firewall feature on the 2621 at home?

No, I have not. I really don't have any issue bringing the tunnel up from the Cisco 2621 to the 7200, only the other way around.
