02-15-2016 07:06 AM
Hi All,
I have a Cisco ASA firewall running 9.1 IOS, with an IPSec tunnel terminated on the Outside interface, which is up. The interesting traffic from the other side peer is sourced from 192.168.10.2 to destination 172.16.10.2, and the IP 172.16.10.2 is static NAT with 10.10.10.2 (Outside to Inside interfaces) at my end.
So can somebody please explain the points below in this scenario?
1. What is the order of operation or packet flow for ASA 9.1 on the outside interface with an IPSec tunnel terminated on it?
2. Should my access list on the outside interface be with source 192.168.10.2 to destination 10.10.10.2, if I want to apply a filter?
Thanks in advance.
Ali.
02-15-2016 08:47 AM
Your ACL should reference the real private IP address as the destination because NAT is processed before ACLs.
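The answer above written out as an ASA 8.3+ style configuration fragment. This is an added illustration, not part of the original post; the object name SRV-REAL, the ACL name OUTSIDE-IN and the broad `permit ip` scope are assumptions, and the addresses are the ones given in the question.

```text
! Static NAT: real (inside) host 10.10.10.2 is presented as 172.16.10.2 on outside
object network SRV-REAL
 host 10.10.10.2
 nat (inside,outside) static 172.16.10.2
!
! Inbound packets are un-translated before the interface ACL is evaluated,
! so the ACL entry must name the real address as the destination.
!
! Would NOT match (mapped address as destination):
!   access-list OUTSIDE-IN extended permit ip host 192.168.10.2 host 172.16.10.2
!
! Matches (real address as destination):
access-list OUTSIDE-IN extended permit ip host 192.168.10.2 host 10.10.10.2
access-group OUTSIDE-IN in interface outside
!
! Caveat for tunnel traffic: "sysopt connection permit-vpn" is enabled by default,
! which lets decrypted VPN traffic bypass the interface ACL entirely.
! The interface ACL only filters tunnel traffic once that bypass is turned off:
!   no sysopt connection permit-vpn
```

`no sysopt connection permit-vpn` is global and affects every tunnel on the ASA, so permit entries for all other VPN traffic must exist in the interface ACL before it is applied. `packet-tracer input outside ...` with the peer's source and the mapped destination shows the UN-NAT and ACCESS-LIST phases in the order the ASA evaluates them.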
02-15-2016 10:01 AM
Thanks,
Could you brief me with the packet flow list for 9.1 IOS on the outside interface with IPsec?