11-29-2011 12:20 PM
Hi all,
I have configured our VPN router for access for all our mobile clients. Our private VPN range is going to be 172.16.10.x/24. Do I need to add ACL permit rules for this range on our inbound ACL to all the inside LANs to facilitate access for the VPN users?
e.g.
int S0/0/0
ip address 85.x.x.x
ip access-group 100 in
access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
If I understand things correctly, once the user connects, the VPN is tunnelled as far as the inside of the interface, so traffic passing through the VPN is encapsulated and hence wouldn't appear as a private IP?
All comments are greatly appreciated.
Paul
11-29-2011 12:40 PM
An ACL on the outside interface is not required.
Thanks
Ajay
11-30-2011 04:59 AM
The ACL is already in place as it controls access to the rest of the site. There is no separate firewall.
Thanks.
11-30-2011 05:13 AM
Sorry, I meant to say you should not edit the outside ACL for VPN traffic; for the rest of the things you can do it.
Thanks
Ajay
11-30-2011 11:43 AM
Thanks for your help.