
Basic S2S crypto ACL question

neteng2323
Level 1

We have FTD.  I have a Dynamic S2S tunnel with an any/any defined to a bunch of Cradlepoints as that's how I was able to get it to work at the time.  

Will creating a new Static tunnel with any/any defined for the local and remote networks cause a conflict between these 2 tunnels?  In other words, can you just have one any/any tunnel in the same FW instance/environment?

1 Accepted Solution


YES / NO depends on the setup and behaviour (never done any/any - if more than 1 tunnel for myself)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


3 Replies

balaji.bandi
Hall of Fame

Personally, I would not advise having any/any; that is not security best practice. A specific route-based or subnet-based allow list for the respective VPN is good practice.

BB


I agree.  I plan to fix it.  My question is can it cause a problem to have more than one tunnel with any/any defined?
