I was configuring an access-list on a FWSM and came across an option which I think might help me reduce the number of access-list statements.
access-list xxxxx extended permit ipsec a.a.a.a a.a.a.a
Could someone tell me if the ipsec option in the access-list dynamically allows all the ports associated with an ipsec connection, like ESP, udp 500 or udp 4500?
If not, then what will it allow?
We are having issues with ipsec-pass-through on the FWSM, as it does not support the default inspect statement like an ASA.
That would only match ESP traffic.
Any particular reason why we would use ipsec, because protocol esp is also an option when configuring an access-list?