
ACL inside VPN

sergo777
Level 1

Hi There,

I need to run only specific traffic inside the VPN (for example HTTPS and ICMP). How do I do it? I couldn't find a solution. This one looks different:

IPsec Data Plane Configuration Guide, Cisco IOS Release 15M&T - Crypto Access Check on Clear-Text Packets [Support] - Cisco

 

It's standard IPsec between a Cisco router and Sophos.

Thanks

 

Accepted Solutions

Set ip access-group in/out under the crypto map.
This can be used to filter the traffic encrypted by IPsec.

Thanks!

Like that?

crypto map vpnmap 10 ipsec-isakmp
 set peer 192.168.2.1
 set transform-set trans1
 set ip access-group 151 in
 set ip access-group 161 out
 match address 101


access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 150 permit udp host 192.168.2.1 eq 500 host 192.168.1.1 eq 500
access-list 150 permit esp host 192.168.2.1 host 192.168.1.1
access-list 151 permit tcp 10.1.2.0 0.0.0.255 eq telnet 10.1.1.0 0.0.0.255
access-list 151 permit tcp 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 eq telnet
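
An added example, not part of the thread and not taken from the Cisco guide: the crypto map above adapted to the original requirement (only HTTPS and ICMP inside the tunnel). The ACL names VPN-IN and VPN-OUT are hypothetical, and it assumes HTTPS sessions may be opened from either subnet; addresses, peer and transform set are reused from the post above.

```cisco
! Interesting traffic: still decides what is sent into the tunnel
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
!
! Applied to packets after decryption (remote 10.1.2.0/24 -> local 10.1.1.0/24)
ip access-list extended VPN-IN
 ! HTTPS sessions opened by remote clients to local servers
 permit tcp 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 eq 443
 ! Return traffic from remote HTTPS servers to local clients
 permit tcp 10.1.2.0 0.0.0.255 eq 443 10.1.1.0 0.0.0.255 established
 permit icmp 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 ! Explicit deny so dropped packets are logged and counted
 deny ip any any log
!
! Applied to clear-text packets before encryption (local -> remote)
ip access-list extended VPN-OUT
 permit tcp 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 eq 443
 permit tcp 10.1.1.0 0.0.0.255 eq 443 10.1.2.0 0.0.0.255 established
 permit icmp 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 deny ip any any log
!
crypto map vpnmap 10 ipsec-isakmp
 set peer 192.168.2.1
 set transform-set trans1
 set ip access-group VPN-IN in
 set ip access-group VPN-OUT out
 match address 101
```

These ACLs are stateless, so each direction needs its own entries; `show access-lists` shows per-entry hit counters for confirming that only HTTPS and ICMP match the permit lines.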