Need help in allowing access VPN POOL for IOS firewall

r.docuyanan
Level 1

Hi,

I have an IOS firewall with two interfaces:

f0/0(outside) with access-list 102

f0/1(inside) with access-list 101

I'm a little bit confused where to put the access-list for the VPN POOL.

Is it on the outside or inside interface?

And is it this way, say for inside:

access-list 101 permit ip VPN_POOL MASK LAN_NETWORK MASK

or

access-list 101 permit ip LAN_NETWORK MASK VPN_POOL MASK

Thanks

RJ

1 Reply

ehirsel
Level 6

I believe that you need to refer to the vpn pool on an ACL applied to the outside interface to allow the inbound connections from the vpn clients. To allow the return traffic, if you are not using CBAC, you will need to code the inverse ACL on the inside interface like this:

access-list 101 permit ip lan-net lan-net-mask vpn-pool vpn-pool-mask

You need to code both the source and dest networks and masks in the extended acl unless you use any for the dest. Note that the masks are wildcard, not subnet, masks.

You may find it easier to configure CBAC so that you don't have to worry about configuring the corresponding inverse ACL on the inside interface for the return traffic.
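The following IOS configuration is a constructed illustration of both approaches described in the reply above; it is not taken from the thread. The addresses (LAN 192.168.1.0/24, VPN pool 10.10.10.0/24, outside interface address 203.0.113.1), the pool name and the inspect rule name are assumptions chosen for the example, and the wildcard masks are written out as the reply notes (0.0.0.255 for a /24, not 255.255.255.0).

```cisco
! Constructed example values (not from the thread):
!   LAN_NETWORK = 192.168.1.0/24  -> wildcard 0.0.0.255
!   VPN_POOL    = 10.10.10.0/24   -> wildcard 0.0.0.255
!   outside address of f0/0 = 203.0.113.1
ip local pool VPN_POOL 10.10.10.1 10.10.10.254
!
! ACL 102, applied inbound on the outside interface (f0/0).
! Source is the VPN pool, destination is the LAN. IOS evaluates the
! decrypted packet against this inbound ACL as well, so the pool must be
! permitted here even though the tunnel terminates on f0/0.
access-list 102 remark --- tunnel negotiation and ESP to the firewall itself ---
access-list 102 permit udp any host 203.0.113.1 eq isakmp
access-list 102 permit udp any host 203.0.113.1 eq non500-isakmp
access-list 102 permit esp any host 203.0.113.1
access-list 102 remark --- decrypted VPN client traffic -> LAN ---
access-list 102 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Option A (no CBAC): static inverse ACL 101, applied inbound on the
! inside interface (f0/1), for the return traffic LAN -> VPN clients.
access-list 101 remark --- return traffic LAN -> VPN clients ---
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 remark --- existing outbound policy for the LAN (assumed) ---
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
interface FastEthernet0/0
 description outside
 ip address 203.0.113.1 255.255.255.0
 ip access-group 102 in
!
interface FastEthernet0/1
 description inside
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
!
! Option B (CBAC): inspect the VPN-sourced sessions as they enter on f0/0.
! CBAC then opens the return path dynamically, so the static
! "permit ip 192.168.1.0 ... 10.10.10.0 ..." line in ACL 101 is not needed.
ip inspect name VPNFW tcp
ip inspect name VPNFW udp
ip inspect name VPNFW icmp
!
interface FastEthernet0/0
 ip inspect VPNFW in
```

Pick one option, not both: with CBAC in place the static return-traffic line in ACL 101 only widens the inside policy without being needed. After applying either, `show ip access-lists 101` and `show ip access-lists 102` show per-line hit counts, and with CBAC `show ip inspect sessions` lists the VPN client sessions whose return traffic is being opened dynamically.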