topic permit esp any any in Network Security https://community.cisco.com/t5/network-security/permit-esp-any-any/m-p/1587881#M559165 <P>How can I make the following more secure?:</P><P></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="Courier New&amp;quot: ; color: #000000; font-size: 12pt; font-family: &amp;quot; ">access-list from_outside permit esp any any </SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="Courier New&amp;quot: ; font-family: arial,helvetica,sans-serif; ">We have currently have it on our firewall and I know it's not the most secure.&nbsp; But I want to make sure our tunnels still work.</SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="font-family: &amp;quot;Courier New&amp;quot;;">Thank you,</SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="font-family: &amp;quot;Courier New&amp;quot;;">Thomas</SPAN></P><P></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P></P> Mon, 11 Mar 2019 20:12:28 GMT Thomas Reiling 2019-03-11T20:12:28Z permit esp any any https://community.cisco.com/t5/network-security/permit-esp-any-any/m-p/1587881#M559165 <P>How can I make the following more secure?:</P><P></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="Courier New&amp;quot: ; color: #000000; font-size: 12pt; font-family: &amp;quot; ">access-list from_outside permit esp any any </SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="Courier New&amp;quot: ; font-family: arial,helvetica,sans-serif; ">We have currently have it on our firewall and I know it's not the most secure.&nbsp; But I want to make sure our tunnels still work.</SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="font-family: &amp;quot;Courier New&amp;quot;;">Thank you,</SPAN></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"><SPAN style="font-family: &amp;quot;Courier New&amp;quot;;">Thomas</SPAN></P><P></P><P class="MsoPlainText" style="margin: 0in 0in 0pt;"></P><P></P> Mon, 11 Mar 2019 20:12:28 GMT https://community.cisco.com/t5/network-security/permit-esp-any-any/m-p/1587881#M559165 Thomas Reiling 2019-03-11T20:12:28Z Re: permit esp any any https://community.cisco.com/t5/network-security/permit-esp-any-any/m-p/1587882#M559171 <HTML><HEAD></HEAD><BODY><P>This line I assume you have it applied on the outside interface. If that is the case, this line should be used to allow traffic from outside to the inside. If you have static nat configured you could permit esp from know sources to the NAT'ed IPs. </P><P></P><P>If you don't have any nat for inbound traffic then you don't need that acl.</P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Thu, 24 Mar 2011 18:37:44 GMT https://community.cisco.com/t5/network-security/permit-esp-any-any/m-p/1587882#M559171 PAUL GILBERT ARIAS 2011-03-24T18:37:44Z