Hi,
I have two RV325s connected with a Gateway-to-Gateway VPN, with static WAN IPs on both sides. I would like to add access rules so that only the two static WAN IPs can reach IPSec on each of the RVs. When creating deny rules, I noticed they never truly deny, even when I explicitly set the remote WAN IP as the source (access-lists 1 and 2 in the output below).
When a G2G (Gateway-to-Gateway) tunnel is created, does the RV overwrite the access rules somehow?
Thanks!
-
RV32X> access-list show
-
access-list 1
-
interface: wan1
-
Enable
-
Deny
-
service: IPSEC_2 udp 4500
-
src ip: <remote_wan_ip>
-
dst ip: <local_wan_ip>
-
no log
-
time range always
-
access-list 2
-
interface: wan1
-
Enable
-
Deny
-
service: IPSec udp 500
-
src ip: <remote_wan_ip>
-
dst ip: <local_wan_ip>
-
log packets matching this rule
-
time range always
-
access-list 3
-
interface: wan1
-
Enable
-
Allow
-
service: HTTPS tcp 443
-
src ip: any
-
dst ip: any
-
no log
-
time range always
-
access-list 4
-
interface: lan
-
Enable
-
Allow
-
service: All Traffic all 1~65535
-
src ip: 192.168.0.1/255.255.255.0
-
dst ip: any
-
no log
-
time range always
-
-
access-list 5
-
interface: lan
-
Enable
-
Allow
-
service: All Traffic all 1~65535
-
src ip: 192.168.15.1/255.255.255.0
-
dst ip: any
-
no log
-
time range always
-
-
access-list 6
-
interface: lan
-
Enable
-
Allow
-
service: All Traffic all 1~65535
-
src ip: 192.168.1.1/255.255.255.0
-
dst ip: any
-
no log
-
time range always
-
-
access-list 7
-
interface: usb1
-
Enable
-
Deny
-
service: All Traffic all 1~65535
-
src ip: any
-
dst ip: any
-
no log
-
time range always
-
-
access-list 8
-
interface: usb2
-
Enable
-
Deny
-
service: All Traffic all 1~65535
-
src ip: any
-
dst ip: any
-
no log
-
time range always
-
-
access-list 9
-
interface: wan1
-
Enable
-
Deny
-
service: All Traffic all 1~65535
-
src ip: any
-
dst ip: any
-
no log
-
time range always
-
-
access-list 10
-
interface: dmz
-
Enable
-
Deny
-
service: All Traffic all 1~65535
-
src ip: any
-
dst ip: any
-
no log
-
time range always