ipsec access-list question

Aqdas Muneer
Level 1

Hello,

I was configuring an access-list on a FWSM and came across an option which I think might help me reduce the number of access-list statements.

access-list xxxxx extended permit ipsec a.a.a.a a.a.a.a

Could someone tell me if the ipsec option in the access-list dynamically allows all the ports associated with an ipsec connection, like ESP, udp 500 or udp 4500?

If not, then what will it allow?

We are having issues with ipsec-pass-through on the FWSM as it does not support the default inspect statement like an ASA.

Thanks,

Aqdas

2 Replies

Tanveer Deewan
Cisco Employee

That would only match ESP traffic.

Tanveer Dewan

tdeewan@cisco.com

Any particular reason why we would use ipsec, because protocol esp is also an option when configuring an access-list?
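
An added example, not part of the thread: a small Python check that takes the reply's statement that the `ipsec` keyword matches only ESP and reports which of the flows named in the question (ESP, udp 500, udp 4500) a given ACL permits. The ACL name, the addresses and the simplified evaluation (addresses ignored, first match wins, implicit deny at the end) are assumptions of the example.

```python
# Flows named in the question that an IPsec tunnel needs through the firewall.
REQUIRED = {"ESP": ("esp", None), "IKE udp/500": ("udp", 500), "NAT-T udp/4500": ("udp", 4500)}

# Per the reply in this thread, the "ipsec" protocol keyword matches ESP only.
PROTO_ALIASES = {"ipsec": "esp", "50": "esp", "17": "udp"}
PORT_NAMES = {"isakmp": 500}  # ASA-style port name for udp/500

def parse_ace(line):
    """Return (action, protocol, dest_port or None) for one simplified ACE.

    Expected form: access-list NAME extended permit|deny PROTO SRC DST [eq PORT]
    """
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    action, proto = tok[3], PROTO_ALIASES.get(tok[4], tok[4])
    port = None
    if tok[-2] == "eq":  # a trailing "eq" is the destination port
        p = tok[-1]
        port = PORT_NAMES.get(p, int(p) if p.isdigit() else -1)
    return action, proto, port

def matches(ace_proto, ace_port, proto, port):
    if ace_proto == "ip":  # "ip" covers every protocol
        return True
    if ace_proto != proto:
        return False
    return ace_port is None or ace_port == port

def audit(acl_text):
    """Map each required flow to 'permit' or 'deny' (addresses are not compared)."""
    aces = [a for a in map(parse_ace, acl_text.splitlines()) if a]
    result = {}
    for name, (proto, port) in REQUIRED.items():
        verdict = "deny"  # implicit deny at the end of the ACL
        for action, ace_proto, ace_port in aces:
            if matches(ace_proto, ace_port, proto, port):
                verdict = action  # first matching ACE decides
                break
        result[name] = verdict
    return result

# Constructed sample ACLs (hypothetical name, documentation addresses).
ACL_IPSEC_ONLY = "access-list OUTSIDE_IN extended permit ipsec host 192.0.2.1 host 198.51.100.1"
ACL_FULL = """\
access-list OUTSIDE_IN extended permit esp host 192.0.2.1 host 198.51.100.1
access-list OUTSIDE_IN extended permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
access-list OUTSIDE_IN extended permit udp host 192.0.2.1 host 198.51.100.1 eq 4500
"""

if __name__ == "__main__":
    print(audit(ACL_IPSEC_ONLY))
    print(audit(ACL_FULL))
```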
