ACL in VPN site to site

jfran10
Level 1

Hi all, how are you?

I have a question that I hope you will help me with.

I have been doing some tests and I have noticed that when I create a site-to-site VPN in ASA 8.3+, and the internal interface does not have the permit associated with the security level (allow any less secure network), I must create ACLs similar to the encryption domain. Is that okay? Is this normal behavior? I have seen several manuals and none of them mention that I must create an ACL in addition to the encryption domain.

Accepted Solutions

Hi @jfran10 

Yes, if you have an ACL on the inside interface you have to permit traffic in order for it to be allowed. Most guides just cover setting up a VPN tunnel; it is expected the end user would already be permitting outbound traffic.

HTH

jfran10
Level 1

Thanks Rob.
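
The behavior discussed in this thread, shown as an added ASA configuration example that is not part of the original posts: the crypto ACL only selects traffic for encryption, while an ACL bound to the inside interface decides whether that traffic is allowed in at all. All object names, ACL names, subnets and test addresses below are constructed for illustration.

```text
! Constructed example: local LAN 10.1.1.0/24 behind "inside",
! remote LAN 10.2.2.0/24 reached through the site-to-site tunnel.
object network LOCAL_NET
 subnet 10.1.1.0 255.255.255.0
object network REMOTE_NET
 subnet 10.2.2.0 255.255.255.0

! Encryption domain (crypto ACL). It tells the crypto map WHAT to encrypt.
! It is not an access rule and permits nothing through an interface ACL.
access-list VPN_CRYPTO extended permit ip object LOCAL_NET object REMOTE_NET
crypto map OUTSIDE_MAP 10 match address VPN_CRYPTO

! --- Before: tunnel traffic is dropped on ingress -----------------------
! With no ACL on "inside", the ASA implicitly permits traffic toward less
! secure interfaces. Binding any ACL replaces that implicit permit with the
! ACL's own implicit deny, so only HTTPS leaves the inside network here.
access-list INSIDE_IN extended permit tcp object LOCAL_NET any eq 443
access-group INSIDE_IN in interface inside

! --- After: permit the tunnel traffic in the interface ACL --------------
! Mirrors the encryption domain. The entry may be narrower than the crypto
! ACL (specific hosts or ports) if only some services should cross the VPN.
access-list INSIDE_IN extended permit ip object LOCAL_NET object REMOTE_NET

! --- Verify -------------------------------------------------------------
! Simulate an inside host opening RDP to a remote host. Before the extra
! entry the ACCESS-LIST phase reports DROP; afterwards the trace continues
! to the VPN encrypt phase.
packet-tracer input inside tcp 10.1.1.10 12345 10.2.2.10 3389

! Hit counters confirm which entry is matching live traffic.
show access-list INSIDE_IN
```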
