09-12-2013 06:49 PM
Hi,
Quick question around the "route inside 0.0.0.0 0.0.0.0 192.168.1.2 tunneled" command.
Do you need to add any u-turn traffic to the inside interface's ACL (e.g. internet-bound HTTP traffic), or does "same-security-traffic permit intra-interface" negate the need for this?
So if my remote VPN site on the outside is 10.1.1.0/24, do I need to add incoming permit statements for 10.1.1.0/24 on my inside interface?
Thanks
09-14-2013 03:33 PM
"same-security-traffic permit intra-interface" allows ingress-then-egress traffic on a single interface.
An incoming permit 10.1.1.0/24 statement in the ACL allows (egress-then-)ingress traffic on a single interface, but you need to disable the RPF check.