Hello
I have 2 ISRs. Site A is located in a country that does not allow VoIP, so I am trying to tunnel that traffic to use my internet connection at Site B. All other non-interesting traffic from Site A should still use Site A's internet connection.
If I am doing this, is there any need to create the inverse ACL on the side that permits VoIP, as I do not want to tunnel my VoIP traffic from Site B back to A?
Here are the relevant bits of config for Site A:
ip nat inside source list Nat_Rules interface GigabitEthernet0/1/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 94.x.x.x
ip scp server enable
!
!
ip access-list extended Nat_Rules
 remark This traffic will be natted
 permit tcp 10.0.22.0 0.0.0.255 eq 443 any
 permit tcp 10.0.22.0 0.0.0.255 eq pop2 any
 permit tcp 10.0.22.0 0.0.0.255 eq pop3 any
 permit tcp 10.0.22.0 0.0.0.255 eq smtp any
 permit tcp 10.0.22.0 0.0.0.255 eq ftp any
 permit tcp 10.0.22.0 0.0.0.255 eq ftp-data any
 permit tcp 10.0.22.0 0.0.0.255 eq www any
ip access-list extended VPN_Rules
 remark This traffic will go through the VPN
 permit tcp 10.0.22.0 0.0.0.255 eq 1935 any
 permit tcp 10.0.22.0 0.0.0.255 range 19302 19309 any
 permit udp 10.0.22.0 0.0.0.255 range 19302 19309 any
 permit udp 10.0.22.0 0.0.0.255 eq 1935 any
!
What would the inverse of this look like for Site B? My NAT for that is currently:
access-list 75 permit 10.0.25.0 0.0.0.255
But I assume this would need some rule changes too?
Sorry if this seems a little vague, but I can try to add more necessary details if requested.
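
Added example, not part of the original post: assuming VPN_Rules is the crypto ACL that selects traffic for an IPsec tunnel, the peer's ACL is conventionally its mirror image, so the Site B entries can be derived by swapping the source and destination halves of each Site A entry. The function names are hypothetical, and the parser assumes one port per `eq`.

```python
# Site A's VPN_Rules entries, copied from the post above.
SITE_A_VPN_RULES = """\
remark This traffic will go through the VPN
permit tcp 10.0.22.0 0.0.0.255 eq 1935 any
permit tcp 10.0.22.0 0.0.0.255 range 19302 19309 any
permit udp 10.0.22.0 0.0.0.255 range 19302 19309 any
permit udp 10.0.22.0 0.0.0.255 eq 1935 any
"""

# Port operators and how many port arguments each one takes.
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


def take_endpoint(tokens):
    """Split off one endpoint: address spec plus optional port match."""
    n = 1 if tokens and tokens[0] == "any" else 2  # any | host A | A wildcard
    if len(tokens) < n:
        raise ValueError("incomplete address specification")
    endpoint, rest = tokens[:n], tokens[n:]
    if rest and rest[0] in PORT_OPS:
        k = 1 + PORT_OPS[rest[0]]
        if len(rest) < k:
            raise ValueError("incomplete port specification")
        endpoint, rest = endpoint + rest[:k], rest[k:]
    return endpoint, rest


def mirror_entry(line):
    """Return the ACL entry with source and destination halves swapped."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError("not an extended ACL entry: " + line)
    src, rest = take_endpoint(tokens[2:])
    dst, rest = take_endpoint(rest)
    # A source-port match on Site A becomes a destination-port match here.
    return " ".join(tokens[:2] + dst + src + rest)


def mirror_acl(text):
    """Mirror every permit/deny entry; skip remarks, blanks and '!' lines."""
    entries = [l.strip() for l in text.splitlines()]
    return [mirror_entry(l) for l in entries
            if l and not l.startswith(("!", "remark"))]


if __name__ == "__main__":
    print("ip access-list extended VPN_Rules")
    for entry in mirror_acl(SITE_A_VPN_RULES):
        print(" " + entry)
```
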