Inbound ACL for public VPN router

Paul Morgan
Level 1

Hi all,

I have configured our VPN router for access for all our mobile clients. Our private VPN range is going to be 172.16.10.x/24. Do I need to add ACL permit rules for this range on our inbound ACL to all the inside LANs to facilitate access for the VPN users?

e.g.

int S0/0/0
 ip address 85.x.x.x
 ip access-group 100 in

access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255

If I understand things correctly, once the user connects, the VPN is tunnelled as far as the inside of the interface, so traffic passing through the VPN is encapsulated and hence wouldn't appear as a private IP?

All comments are greatly appreciated.

Paul

ajay chauhan
Level 7

ACL on the outside interface is not required.

Thanks

Ajay

The ACL is already in place as it controls access to the rest of the site. There is no separate firewall.

Thanks.

Sorry, I mean to say you should not edit the outside ACL for VPN traffic; for the rest of the things you can do it.

Thanks

Ajay

Thanks for your help.