04-24-2011 08:32 AM - edited 03-11-2019 01:24 PM
Hello,
we are using a CISCO1921-SEC router. On the "WAN" side we have 1 public IP address assigned by DHCP.
At the moment we are using the WAN interface with a crypto-map as the endpoint of some IPSec connections. We set up a zone-based firewall with a "WAN" and a "LAN" zone. In this setup all IPSec endpoints are on one interface - connections to the "LAN" zone can be managed by rulesets. What about connections between IPSec connections and the zone "self"?
We would like to terminate each IPSec connection in a separate zone. Is this a good idea?
How can this be configured?
Each one on a "tunnel interface" with a "tunnel source ..." binding?
Please give us a hint ... Thanks!!
Message edited by NISITNETC
04-27-2011 05:36 AM
push ...
04-27-2011 09:09 PM
When tunnels are terminating on the router, that is the self zone, and by default all the traffic is allowed. If you want to restrict access, you need to create a self zone and add a zone-pair from WAN to Self.
Hope this link will help you,
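A sketch of the WAN-to-self zone-pair described in the reply above, added here as an illustration and not taken from any poster's router. The zone names WAN and LAN come from the thread; the ACL, class-map, policy-map and zone-pair names and the interface GigabitEthernet0/0 are assumptions.

```cisco
! Added example. Object names and the interface are hypothetical.
! Traffic the router itself must accept on the WAN side:
! IKE, NAT-T, ESP, and DHCP replies (the WAN address is DHCP-assigned).
ip access-list extended ACL-WAN-TO-SELF
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 permit udp any eq bootps any eq bootpc
!
class-map type inspect match-any CM-WAN-TO-SELF
 match access-group name ACL-WAN-TO-SELF
!
! "pass" is used because ESP to the router cannot be inspected.
! Everything else addressed to the router from WAN is dropped and logged.
policy-map type inspect PM-WAN-TO-SELF
 class type inspect CM-WAN-TO-SELF
  pass
 class class-default
  drop log
!
zone security WAN
zone security LAN
!
! "self" is a built-in zone. Once this zone-pair exists, WAN-to-router
! traffic is no longer permitted by default. No self-to-WAN pair is
! defined here, so router-originated traffic stays unrestricted.
zone-pair security ZP-WAN-SELF source WAN destination self
 service-policy type inspect PM-WAN-TO-SELF
!
interface GigabitEthernet0/0
 zone-member security WAN
```

Keep console or out-of-band access available when applying this, because any management protocol reaching the router from WAN that is not matched by the ACL is dropped as soon as the zone-pair is attached.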
04-28-2011 12:23 AM
> When tunnels are terminating on the router, that is the self zone,
> by default all the traffic is allowed. If you want to restrict access
> you need to create a self zone and add a zone-pair from WAN to Self.
Yes, I set up the self-zone rules and traffic was allowed to the tunnel-end on the system (self).
But we want to set up rules FROM this tunnel-end to the rest of the system. Something like
TUNNEL1 - LAN
TUNNEL2 - LAN
LAN - TUNNEL1
LAN - TUNNEL2
with the situation having a crypto-map in the WAN Interface with all tunnels.
Can you give me an example for this?
> Hope this link will help you,
Sorry, the link is broken ...
05-06-2011 12:38 PM
push ...