Classic IOS IPSEC VPN - ACL/Firewall

Paul Masterton
Level 1

Hello All,

How can I restrict traffic that comes in to my router over an established classic IPSEC tunnel (crypto map, etc.) assuming I don't control the remote end?

I know with a VTI I could just bind an ACL to it; is there a way to apply an ACL to decrypted traffic in the same way for a classic IPSEC tunnel?

Thanks!

P

1 Reply

Marcin Latosiewicz
Cisco Employee

Paul,

You're better off filtering on the local LAN, but you might also look into this:

R1(config)#crypto map MAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R1(config-crypto-map)#set ip access-g ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name

http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-cr-s2.html#wp1661006749

HTH,

M.
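A worked configuration for the approach Marcin points at, added here as an illustration and not taken from the thread or from Cisco documentation. The `set ip access-group` form shown in the reply is the crypto-map command that applies an ACL to the clear-text side of the tunnel; everything else (the peer 203.0.113.2, the 10.1.1.0/24 and 10.2.2.0/24 subnets, the host 10.1.1.10, the ACL and map names, and a 15.x image that accepts the SHA-256 transforms) is an assumption made for the example.

```cisco
! Added example, not part of the original post. Addresses, names and the
! pre-shared key placeholder are assumptions.
!
! Phase 1 / phase 2 parameters for the classic crypto-map tunnel.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address 203.0.113.2
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Crypto ACL: selects which traffic is encrypted into the tunnel.
! This does NOT restrict what the remote end may send once the SA is up,
! because the peer's own crypto ACL is outside our control.
ip access-list extended CRYPTO-ACL
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Filter applied to packets AFTER decryption (the "in" direction on the
! crypto map): the remote site may reach the internal web server on TCP/443
! and exchange pings with the LAN; anything else arriving through the
! tunnel is dropped and logged.
ip access-list extended VPN-IN
 permit tcp 10.2.2.0 0.0.0.255 host 10.1.1.10 eq 443
 permit icmp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255 echo
 permit icmp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255 echo-reply
 deny   ip any any log
!
crypto map MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address CRYPTO-ACL
 ! Bind the clear-text filter to this map entry; "in" = decrypted traffic
 ! received from the peer.
 set ip access-group VPN-IN in
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map MAP
```

Two practical points. The ACL on the crypto map is evaluated per map entry, so a site with several peers needs its own `VPN-IN` style list on each entry (the filter does not carry over to `MAP 20`). Second, the `deny ... log` line and `show ip access-lists VPN-IN` hit counters are the quickest way to confirm the filter is actually in the decrypt path: send something from the remote side that should be blocked and watch the counter move. Traffic dropped here has already been decrypted and authenticated, so it costs CPU on the router; if the remote end is untrusted enough to need this, a stateful filter on the inside interface, as Marcin suggests, is still the better primary control.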