Solved: Re: Basic S2S crypto ACL question

neteng2323 · ‎04-14-2021

We have FTD. I have a Dynamic S2S tunnel with an any/any defined to a bunch of Cradlepoints as that's how I was able to get it to work at the time.

Will creating a new Static tunnel with any/any defined for the local and remote networks cause a conflict between these 2 tunnels? In other words, can you just have one any/any tunnel in the same FW instance/environment?

balaji.bandi · ‎04-14-2021

YES / NO depends on the setup and behaviour ( never done any /any - if more than 1 tunnel for my self)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎04-14-2021

Personally, i would not advise having any any / that is not security best practice, Do specific route based or subnet based allow list respected VPN is good practice

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

neteng2323 · ‎04-14-2021

I agree. I plan to fix it. My question is can it cause a problem to have more than one tunnel with any/any defined?

balaji.bandi · ‎04-14-2021

YES / NO depends on the setup and behaviour ( never done any /any - if more than 1 tunnel for my self)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help