ACL in VPN site to site

jfran10
Beginner

Hi all, how are you?

I have a question that I hope you will help me with.

I have been doing some tests and I have noticed that when I create a VPN site to site in ASA +8.3, and the internal interface does not have the permit associated with the security level (allow any less secure network), I must create ACLs similar to the encryption domain. Is this okay? Is this normal behavior? I have seen several manuals and none of them mention that I must create an ACL in addition to the encryption domain.

Accepted Solutions

Rob Ingram
VIP Expert

Hi @jfran10 

Yes, if you have an ACL on the inside interface, you have to permit traffic in order for it to be allowed. Most guides just cover setting up a VPN tunnel; it is expected the end user would already be permitting outbound traffic.

HTH
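
Added example, not part of the original thread: an ASA 8.3+ configuration fragment showing the two separate ACLs discussed above, the crypto ACL (encryption domain) and the inside interface ACL. All names and addresses (LOCAL-NET, REMOTE-NET, VPN-TO-SITEB, INSIDE-IN, OUTSIDE-MAP, the subnets) are constructed placeholders, and the peer, proposal and NAT lines of the tunnel are omitted.

```text
! Constructed example: object names and subnets are placeholders.
object network LOCAL-NET
 subnet 192.168.10.0 255.255.255.0
object network REMOTE-NET
 subnet 10.20.0.0 255.255.255.0
!
! Encryption domain (crypto ACL): only selects which traffic gets
! encrypted. It does not permit anything through an interface.
access-list VPN-TO-SITEB extended permit ip object LOCAL-NET object REMOTE-NET
crypto map OUTSIDE-MAP 10 match address VPN-TO-SITEB
!
! Inside interface ACL: once an access-group is applied inbound on
! "inside", the implicit permit toward lower security levels is replaced
! by this ACL and its implicit deny. Traffic for the tunnel must be
! permitted here, otherwise it is dropped before it reaches the crypto map.
access-list INSIDE-IN extended permit ip object LOCAL-NET object REMOTE-NET
access-group INSIDE-IN in interface inside
!
! Checks after applying (host addresses and ports are placeholders):
!   packet-tracer input inside tcp 192.168.10.10 12345 10.20.0.10 443
!   show access-list INSIDE-IN
! packet-tracer shows which phase drops the flow; the hit counters on
! INSIDE-IN confirm the permit line is matching the tunnel traffic.
```

With the default `sysopt connection permit-vpn`, decrypted traffic arriving from the tunnel bypasses the interface ACLs, so the extra permit is needed only for flows initiated from the inside network. Keeping the inside permit as narrow as the encryption domain avoids widening outbound access beyond what the tunnel carries.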

jfran10
Beginner

Thanks Rob.