VPN traffic need specific ACLs?

I'm having an issue with DCs replicating and wanted to rule out the ASAs each are using for the VPN tunnels. 

Once the VPN is established, does traffic still need an any any ip ACL to allow any and all inside traffic between these two subnets?

This is between a 5510 and 5505.

Accepted Solutions
No, the any any is not required. The traffic that is configured for VPN is only interesting traffic designated to be encrypted. All other traffic is not encrypted and therefore does not pass through this tunnel.

If you feel the ASA is causing an issue and you control the devices on either side, you can capture the traffic and export it as a .pcap to Wireshark for analysis.

Good luck

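An added example, not part of the original question or reply: one way to check from the ASA CLI whether the tunnel is dropping the DC replication traffic, ending with the capture and .pcap export the reply suggests. The subnets, host addresses, capture name and TFTP server are constructed placeholders; run the same checks on both the 5510 and the 5505.

```cisco
! Constructed values (substitute your own):
!   10.1.1.0/24 = local inside subnet, 10.2.2.0/24 = remote inside subnet
!   10.1.1.10 and 10.2.2.10 = the two domain controllers

! 1. See which ACL the crypto map uses to select "interesting traffic"
!    and confirm it covers both inside subnets (mirrored on the peer).
show running-config crypto map
show running-config access-list

! 2. Check whether decrypted VPN traffic bypasses interface ACLs.
!    "sysopt connection permit-vpn" is the ASA default; if it shows as
!    "no sysopt connection permit-vpn", the interface ACL must permit
!    the tunnelled traffic explicitly.
show running-config all sysopt

! 3. Confirm the tunnel is up and passing packets in both directions.
!    "#pkts encaps" and "#pkts decaps" should both increase while the
!    DCs attempt to replicate.
show crypto isakmp sa
show crypto ipsec sa peer <peer-public-ip>

! 4. Simulate a replication connection (RPC endpoint mapper, TCP 135)
!    through the firewall and read which phase, if any, drops it.
packet-tracer input inside tcp 10.1.1.10 49152 10.2.2.10 135 detailed

! 5. Capture the real traffic between the two DCs on the inside
!    interface ("match" captures both directions of the flow).
capture DCREP interface inside match ip host 10.1.1.10 host 10.2.2.10
show capture DCREP

! 6. Export the capture as .pcap for Wireshark, then remove it.
copy /pcap capture:DCREP tftp://<tftp-server>/dcrep.pcap
no capture DCREP
```

If the capture on one ASA shows packets leaving the inside interface but the peer's capture never shows them arriving, compare the crypto ACLs on the two units before looking at the DCs themselves.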
