Hi,
I need to mark IPSec packets coming from our Firewalls (Checkpoint). We are doing IPSec VPN's between the Firewalls NOT THE ROUTERS in a topology like this:
LAN1--FW1--Router1----WAN-----Router2-FW2--LAN2
Since encryption is already done, how do I match this packets using access-list on the routers? Would match protocol 500 be enough?
Thanks in advance
Carlos