02-12-2004 01:43 PM - edited 02-21-2020 01:02 PM
I have an IPSec tunnel between my home router, which is a Cisco 2621, and a Cisco 7200 at work. The IPSec tunnel works fine if traffic originates from my home LAN segment towards my work. On the Cisco 7200 at work, I have an access-list "permit any to 10.1.1.0" to bring the tunnel up if a packet is destined for my home network, but it does not bring the tunnel up.
My question is: can I use access-list permit ip any to home_network to bring the tunnel up?
02-12-2004 03:25 PM
I usually just define the source and destination networks individually.
i.e.,
access-list permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
Never had any trouble with it that way.
I don't know if you can't use "any", but I have never seen anyone else do it that way.
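An added example, not part of the original posts or of Cisco's code: a small Python check that compares the crypto access-list entry on each peer and reports whether the two are mirror images, and which side's proposal the other side would accept. It assumes a simplified model in which the responder accepts a proposal only when the proposed source and destination fall inside the mirror of its own entry. The ACL number 101, the home router's entry, and the names `is_mirror` and `responder_accepts` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries (ACL number 101 is a placeholder, not from the thread).
WORK_ANY = "access-list 101 permit ip any 10.1.1.0 0.0.0.255"
WORK_SPECIFIC = "access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255"
HOME = "access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255"  # assumed


def parse_selector(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # IOS wildcard masks are inverted netmasks; non-contiguous ones raise ValueError.
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]


def parse_entry(line):
    """Return (source, destination) networks of one 'permit ip' entry."""
    tokens = line.split()
    start = tokens.index("permit")  # works with or without an ACL number
    if tokens[start + 1] != "ip":
        raise ValueError("only 'permit ip' entries are handled: " + line)
    src, rest = parse_selector(tokens[start + 2:])
    dst, _ = parse_selector(rest)
    return src, dst


def is_mirror(local_line, remote_line):
    """True when the local source/destination equal the remote destination/source."""
    l_src, l_dst = parse_entry(local_line)
    r_src, r_dst = parse_entry(remote_line)
    return l_src == r_dst and l_dst == r_src


def responder_accepts(initiator_line, responder_line):
    """Simplified model: the proposal must fit inside the mirror of the responder's entry."""
    i_src, i_dst = parse_entry(initiator_line)
    r_src, r_dst = parse_entry(responder_line)
    return i_src.subnet_of(r_dst) and i_dst.subnet_of(r_src)


if __name__ == "__main__":
    for name, work in (("any", WORK_ANY), ("specific", WORK_SPECIFIC)):
        print(name, "mirror:", is_mirror(work, HOME),
              "home->work:", responder_accepts(HOME, work),
              "work->home:", responder_accepts(work, HOME))
```

Under these assumptions the "any" entry is accepted only when the home side initiates, while the entry with both networks defined individually is accepted in both directions.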
02-17-2004 03:58 PM
I see what you are saying, and it works that way if you know what the source of the traffic is. For instance, if you are coming from the Internet looking for my webserver, you will hit the Cisco 7200 at work, which has an IPSec tunnel over my DSL to my home LAN, which is publicly routable address space I got from work.
On the Cisco 7200, I have an access-list which basically says if anything is destined towards my webserver or my class C, bring the IPSec tunnel up, but it does not bring the tunnel up.
02-16-2004 03:23 AM
Please, do you have any NAT configured on your 2621 router at home?
02-16-2004 04:11 PM
Have you implemented the firewall feature on the 2621 at home?
02-17-2004 04:05 PM
No, I have not. I really don't have any issue bringing the tunnel up from the Cisco 2621 to the 7200, but the other way around.