topic Re: ipsec access-list question in Network Security

ipsec access-list question

Aqdas Muneer — Mon, 11 Mar 2019 16:59:48 GMT

hello,

i was configuring an access-list on a FWSM and came across an option which i think might help me reduce the number of access-list statements.

access-list xxxxx extended permit ipsec a.a.a.a a.a.a.a

could some one tell me if the ipsec option in the access-list dynamically allow all the ports associated with ipsec connection like ESP, udp 500 or udp 4500 ?

if not than what will it allow.

we are having issues with ipsec-pass-thorugh on the fwsm as it does not support the default inspect statement like an ASA.

Thanks,

Aqdas

Re: ipsec access-list question

Tanveer Deewan — Mon, 15 Feb 2010 14:50:37 GMT

That would only match ESP traffic.

Tanveer Dewan

tdeewan@cisco.com

Re: ipsec access-list question

Aqdas Muneer — Mon, 08 Mar 2010 15:08:36 GMT

any particular reason why we would use ipsec because protocol esp is also an option when configuring an access-list?