Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
1
Replies

Trust IPSec traffic and avoid going through access control lists

costaskyrri
Level 1
Level 1

‎12-13-2005 01:42 AM - edited ‎02-21-2020 02:09 PM

IS there a command for ios routers like the pix command

--- sysopt connection permit-ipsec---

which will bypass the outside access-lists.

Labels:
0 Helpful
1 Reply 1

aacole
Level 5
Level 5

‎12-13-2005 12:31 PM

No, If you have an ACL on an interface you have to permit the IPSec traffic in the list.

Also, if the traffic is decrypted on the router with the ACL, in earlier IOS versions you had to permit the decrypted addresses and protocols in the ACL as well. This feature did change as IOS developed, may be worth researching if your likely to be affected by this.

Andy

0 Helpful
Customers Also Viewed These Support Documents