07-25-2018 03:14 PM - edited 03-12-2019 04:07 AM
I need to create a rule to allow IPsec/ISAKMP traffic through an FTD 2100. The rule for the ISAKMP is pretty straightforward, allow udp 500 and/or 4500. But how do you define the rule to allow protocol esp?
07-25-2018 04:47 PM
You can create a rule under Access-Control Policy to allow ESP by choosing ESP(50) under the destination port. Picture attached:
This translates to the following rule on the CLI
access-list CSM_FW_ACL_ line 22 advanced permit esp ifc inside any any rule-id 268440576
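Why the rule above matches on a protocol rather than a port, shown as an added example that is not part of the original answer: ESP is IP protocol 50 and carries no port numbers, IKE uses UDP 500, and behind NAT UDP 4500 carries both IKE and UDP-encapsulated ESP (RFC 3948). The packets are constructed samples and the function names are hypothetical.

```python
import struct

IKE_PORT, NATT_PORT, PROTO_UDP, PROTO_ESP = 500, 4500, 17, 50

def classify(packet: bytes) -> str:
    """Return which IPsec pass-through rule an IPv4 packet would need."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    proto = packet[9]                       # IP protocol field
    payload = packet[ihl:]
    if proto == PROTO_ESP:
        # ESP begins with SPI + sequence number: there is no port to match,
        # so a "udp 500/4500" rule alone never permits it.
        return "esp (ip protocol 50)"
    if proto != PROTO_UDP or len(payload) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]                      # bytes after the UDP header
    if IKE_PORT in (sport, dport):
        return "ike (udp/500)"
    if NATT_PORT in (sport, dport):
        if data == b"\xff":                 # RFC 3948 NAT keepalive
            return "nat-keepalive (udp/4500)"
        if data[:4] == b"\x00\x00\x00\x00":  # non-ESP marker precedes IKE
            return "ike over nat-t (udp/4500)"
        return "esp-in-udp (udp/4500)"      # non-zero SPI: encapsulated ESP
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, bytes([192, 0, 2, 1]),
                      bytes([198, 51, 100, 1]))
    return hdr + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Constructed UDP header (checksum left at 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

if __name__ == "__main__":
    esp = b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01"   # SPI, sequence number
    for pkt in (ipv4(50, esp), ipv4(17, udp(500, 500, b"\x00" * 28)),
                ipv4(17, udp(4500, 4500, esp))):
        print(classify(pkt))
```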