06-03-2002 08:27 AM - edited 02-21-2020 11:46 AM
Could you confirm that when an input ACL is enabled together with IPSec on the same inbound interface, the ACL is checked twice, before and after decryption?
I would enable a filter that allows only encrypted packets, but if the ACL is checked twice I need to also add the end-to-end IP packets. Well, in this last case anyone, including non-encrypted sources, could try to get in (DoS).
Thanks for any feedback
Marco
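To make the two filtering options in the question concrete, here is an added example (not from the thread and not Cisco's own configuration) of the inbound interface ACL in both forms. The peer address 198.51.100.1, the local outside address 203.0.113.1, the protected subnets 10.1.0.0/24 and 10.2.0.0/24, the interface name and the crypto map name VPN are all constructed for the example.

```cisco
! Added example (constructed addresses, not from the original post).
!
! Variant A: permit only IKE and ESP from the VPN peer.
! This is the "only encrypted packets" filter; it is sufficient on an
! image that does NOT re-inject the decrypted packet into the ACL.
access-list 101 remark --- IKE and ESP from the VPN peer only ---
access-list 101 permit udp host 198.51.100.1 host 203.0.113.1 eq isakmp
access-list 101 permit esp host 198.51.100.1 host 203.0.113.1
access-list 101 remark --- everything else, cleartext included, is dropped and logged ---
access-list 101 deny ip any any log
!
! Variant B: what a "checked twice" image forces you to write.
! The cleartext inner packet 10.1.0.x -> 10.2.0.x is evaluated again after
! decryption, so it must be permitted. The same line also matches an
! unencrypted packet with a spoofed 10.1.0.0/24 source arriving on the
! interface, which is the exposure described in the question.
access-list 102 remark --- IKE and ESP from the VPN peer ---
access-list 102 permit udp host 198.51.100.1 host 203.0.113.1 eq isakmp
access-list 102 permit esp host 198.51.100.1 host 203.0.113.1
access-list 102 remark --- inner (decrypted) traffic between the protected subnets ---
access-list 102 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 102 deny ip any any log
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip access-group 101 in
 crypto map VPN
```

With variant A the decrypted traffic is not left unchecked: IOS still verifies the inner packet against the crypto ACL (the traffic selectors) of the security association it arrived on, so a packet decrypted from the peer's SA whose inner addresses do not match that SA's selectors is dropped. Variant B is only needed on images that re-run the interface ACL after decryption, and the `deny ip any any log` line in either variant gives a quick way to see whether cleartext packets are reaching the interface at all.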
06-04-2002 09:22 PM
This was resolved around end of 2001 so later images will not re-inject the packet back through the acl once it has been decrypted. Check bug ID: CSCdu58486
06-07-2002 06:29 AM
Thanks. But I have also read the bug description. It's not clear if the double check of the access-list is correct or not, since it seems from there that an ACL that occurs only once is wrong....
It seems that testing 12.1(4) was correct instead of testing 12.2(1). In fact the bug is solved in 12.2(4). But what's the bug?
Marco
06-10-2002 06:47 AM
You guys might want to take a look at this Bug: CSCdt94387
It doesn't look like it has been fixed yet.
06-14-2002 04:06 AM
It seems much closer to the issue.
Marco
10-10-2002 05:44 AM
I have opened a case about this issue and it seems there is another bug on which Cisco is still working (CSCdm01118).
Thanks to everybody for the feedback.
Marco