I have an IPSEC tunnel created. I Would like to limit the encapsulated traffic.
If I open the whole network 220.127.116.11/24 in the applied ACL, the connection to port 445 of the server 18.104.22.168 works well. But if I open only this traffic it does not work; I can't connect to port 445.
You can view this in the attached diagram.
Maybe the ACL for the IPSEC VPN only works with entire networks and does not work with a more restrictive ACL?
Thanks for your help.
The other peer is a FW and the rule permits all traffic between both networks, without port restrictions. I would like to restrict the ACL only at one of the ends.
One side of the VPN is a Fortinet FW and the other is an old Cisco with the Advanced IP Services firmware installed.
Is the same ACL (with source and destination swapped) necessary at both ends of the tunnel?
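The mirror-image requirement the last question touches on can be checked mechanically. Cisco documents that the crypto ACL on each IPsec peer must be the mirror image of the other peer's crypto ACL: each entry's source and destination (networks, protocol and ports) swap places. The script below is an added example, not code from this thread or from Cisco or Fortinet; it parses a small subset of IOS extended-ACL syntax, builds the mirror of every local entry and reports which entries the remote side does not match. The FortiGate's phase 2 selectors are written in the same IOS-style notation so the two sides can be compared, and all addresses are constructed RFC 5737 documentation ranges, not the poster's.

```python
"""Check whether two IPsec crypto ACLs are mirror images of each other.

Added example (not from the forum thread). Every local entry's mirror
(source and destination swapped, ports included) must appear on the peer;
an entry narrowed to TCP/445 on one side while the other side still
permits all IP traffic between the networks is reported as a mismatch.
Addresses are constructed RFC 5737 ranges, not the poster's.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One permit entry of a crypto ACL (the protected 'proxy identity')."""
    proto: str                      # "ip", "tcp" or "udp"
    src: IPv4Network
    dst: IPv4Network
    src_port: Optional[int] = None  # None means any port
    dst_port: Optional[int] = None

    def mirror(self) -> "Ace":
        """The entry the peer must carry: src/dst and their ports swapped."""
        return Ace(self.proto, self.dst, self.src, self.dst_port, self.src_port)


def _parse_addr(tokens: List[str], i: int) -> Tuple[IPv4Network, int]:
    """Read 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (wildcard mask)."""
    if tokens[i] == "any":
        return ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a hostmask such as 0.0.0.255 after the slash
    return ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def _parse_port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Read an optional 'eq <port>' qualifier."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    """Parse 'permit <proto> <src> [eq p] <dst> [eq p]' in IOS syntax."""
    t = line.split()
    if t[0] != "permit":
        raise ValueError("only permit entries define protected traffic")
    proto = t[1]
    src, i = _parse_addr(t, 2)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, _ = _parse_port(t, i)
    return Ace(proto, src, dst, sport, dport)


def parse_acl(lines: List[str]) -> List[Ace]:
    return [parse_ace(line) for line in lines]


def mirror_mismatches(local: List[Ace], remote: List[Ace]) -> List[Ace]:
    """Local entries whose exact mirror image is absent from the remote ACL."""
    remote_set = set(remote)
    return [ace for ace in local if ace.mirror() not in remote_set]


# Constructed scenario 1: whole-network entries, mirrored on both peers.
CISCO_NETWORK_ACL = ["permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255"]
PEER_NETWORK_ACL = ["permit ip 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255"]

# Constructed scenario 2: the Cisco side narrowed to TCP/445 towards one host
# while the peer still permits everything between the two networks.
CISCO_PORT_ACL = ["permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 445"]

# Constructed scenario 3: the peer narrowed to the matching mirror entry.
PEER_PORT_ACL = ["permit tcp host 198.51.100.10 eq 445 192.0.2.0 0.0.0.255"]


def main() -> None:
    for name, local, remote in [
        ("network/network", CISCO_NETWORK_ACL, PEER_NETWORK_ACL),
        ("port/network", CISCO_PORT_ACL, PEER_NETWORK_ACL),
        ("port/port", CISCO_PORT_ACL, PEER_PORT_ACL),
    ]:
        bad = mirror_mismatches(parse_acl(local), parse_acl(remote))
        status = "mirrored" if not bad else f"{len(bad)} entry(ies) unmatched"
        print(f"{name}: {status}")
        for ace in bad:
            print(f"  peer lacks: {ace.mirror()}")


if __name__ == "__main__":
    main()
```

Scenario 2 is the situation described in the thread: the Cisco entry for TCP/445 has no mirror on the peer because the peer's entry covers all IP traffic and no port, so the two proxy identities differ. Scenario 3 shows the narrowed entry mirrored on both ends, which is the configuration the mirror-image rule calls for.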