10-31-2017 04:02 AM - edited 03-12-2019 04:40 AM
Hi all,
I have an IPsec tunnel created. I would like to limit the encapsulated traffic.
If I open the whole network 1.1.1.0/24 in the applied ACL, the connection to port 445 of the server 1.1.1.2 works well. But if I open only this traffic, it does not work; I can't connect to port 445.
You can see this in the attached diagram.
Maybe the ACL for the IPsec VPN only works with entire networks and does not work with a more restrictive ACL?
Thanks for your help.
10-31-2017 09:03 AM - edited 10-31-2017 09:05 AM
Thanks Raul,
The other peer is a FW and the rule is permit all traffic between both networks, without port restrictions. I would like to restrict the ACL only at one of the ends.
One side of the VPN is a Fortinet FW and the other is an old Cisco with the Advanced IP Services firmware installed.
Is the same ACL (with source and destination swapped) necessary at both ends of the tunnel?
10-31-2017 09:10 AM
Thanks,
Can I use VPN filters on a Cisco router, or only on an ASA?
I have another possible solution. I can apply another ACL to the inbound traffic interface, different from the ACL used in the VPN.
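The approach described in the last post (a network-to-network crypto ACL that mirrors the Fortinet's phase 2 selectors, plus a separate interface ACL that does the port restriction) written out as an added example IOS configuration. This is not configuration from the thread or from any of the answerers. The local LAN 192.168.10.0/24, the interface names GigabitEthernet0/0 and 0/1, the peer addresses 203.0.113.1 and 203.0.113.2, the ACL and transform-set names, and the crypto policy values are all assumptions; 1.1.1.0/24 and the server 1.1.1.2 come from the question.

```cisco
! Added example, not from the thread. Assumed topology:
!   LAN behind this IOS router: 192.168.10.0/24 on GigabitEthernet0/1 (assumption)
!   Remote LAN behind the Fortinet: 1.1.1.0/24, file server 1.1.1.2 (from the thread)
!   Outside addresses 203.0.113.1 (router) and 203.0.113.2 (Fortinet) are placeholders
!
! 1) Crypto ACL: keep it network-to-network so it mirrors the Fortinet's
!    phase 2 selectors. IOS only accepts a quick-mode proposal whose proxy
!    identities match one of these entries, so a port-specific entry here
!    while the peer proposes the full subnets does not negotiate.
ip access-list extended VPN-CRYPTO-ACL
 permit ip 192.168.10.0 0.0.0.255 1.1.1.0 0.0.0.255

! 2) Ordinary interface ACL on the LAN side, applied inbound. It sees the
!    clear-text packets before the crypto map does, so it limits what enters
!    the tunnel without touching the SA negotiation.
ip access-list extended LAN-TO-VPN-FILTER
 permit tcp 192.168.10.0 0.0.0.255 host 1.1.1.2 eq 445
 deny   ip  192.168.10.0 0.0.0.255 1.1.1.0 0.0.0.255 log
 permit ip  any any

! 3) Optional: the return direction (decrypted traffic leaving toward the LAN).
ip access-list extended VPN-TO-LAN-FILTER
 permit tcp host 1.1.1.2 eq 445 192.168.10.0 0.0.0.255 established
 deny   ip  1.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 permit ip  any any

interface GigabitEthernet0/1
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip access-group LAN-TO-VPN-FILTER in
 ip access-group VPN-TO-LAN-FILTER out

! IKEv1/IPsec settings are placeholders; on an old release that rejects
! sha256 or group 14, fall back to what the image supports.
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address 203.0.113.2
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-CRYPTO-ACL

interface GigabitEthernet0/0
 description WAN to Fortinet
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
```

The filter is put on the LAN interface rather than on the interface carrying the crypto map because whether an ACL on the crypto-map interface is evaluated against the decrypted packets or only against the ESP packets has changed between IOS releases; on the LAN side the packet is always clear text in both directions. After applying it, `show crypto ipsec sa` should list `local ident` / `remote ident` as the two /24s regardless of the port restriction, and `show access-lists LAN-TO-VPN-FILTER` should show hits on the 445 entry and on the deny entry for anything else you try toward 1.1.1.0/24.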