Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1324
Views
3
Helpful
1
Replies

Firewall rules for VPN ipsec

Greg Maaaag
Level 1
Level 1

‎02-16-2013 08:15 AM - edited ‎02-21-2020 06:42 PM

Hi everyone!

We've got about 10 routers 1941 and 881w connected to asa with vpn ipsec site-to-site.

for example, asa wan ip 89.100.1.1 local subnet 192.168.1.0/24

881w wan ip 89.100.1.2 local subnet 192.168.2.0/24

I want to set up firewall on incoming connections for asa

I opened udp 500 and 4500 ports, allowed protocols esp and ah.

But traffic doesn't pass from 192.168.1.0 subnet to 192.168.2.0 subnet.

What more rules should I make?

Labels:
0 Helpful
1 Reply 1

Andrew Phirsov
Level 7
Level 7

‎02-16-2013 12:53 PM

By default all trafic that inside the tunnel is allowed through an ASA. Its because sysopt connection permit vpn is in the run config by default. If it's not in your case, just add that string.

But most probably the problem is in smth related to vpn-tunnel establishment, proxy-acl's and routing between the subnets.

Do you see the tunnel come up? What's in the sh crypto isakmp sa, sh crypto ipsec sa?

Customers Also Viewed These Support Documents