07-25-2018 03:14 PM - edited 03-12-2019 04:07 AM
I need to create a rule to allow IPsec/ISAKMP traffic through an FTD 2100. The rule for the ISAKMP is pretty straightforward, allow UDP 500 and/or 4500. But how do you define the rule to allow protocol ESP?
07-25-2018 04:47 PM
You can create a rule under Access-Control Policy to allow ESP by choosing ESP(50) under the destination port. Picture attached:
This translates to the following rule on the CLI:
access-list CSM_FW_ACL_ line 22 advanced permit esp ifc inside any any rule-id 268440576