Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
0
Replies

Reflexive ACL and IPSec VPN tunnel

anthony_chedid1
Level 1
Level 1

‎04-11-2016 02:29 AM - edited ‎02-21-2020 08:46 PM

Hello,

In my topology (attached below) I've configured an IPSec tunnel successfully and all hosts can ping each other with no problems.

My goal is: - Host 3 (192.168.3.1/24) can ping Host 2 (172.16.2.1/24)

            - Host 2 can ping Host 3

            - Host 1 (192.168.4.1/24) can ping Host 3

            - Host 3 cannot ping Host 1

            - Host 1 can ping Host 2

            - Host 2 cannot ping Host 1

I configured the following ACLs on the router R1:

ip access-list extended out-host 3

permit ip 172.16.2.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255 reflect mirror

----------------------------

ip access-list extended out-host 1

evaluate mirror

----------------------------

And this one on the router R2

ip access-list extended out-host 2

permit ip 192.168.3.0 0.0.0.255 172.16.2.0 0.0.0.255

permit ip 192.168.4.0 0.0.0.255 172.16.2.0 0.0.0.255 reflect mirror

--------------------------------------

Host 3 and 2 can ping each other successfully.

Host 3 cannot reach Host 1 (success)

but Host 1 cannot reach Host 2 and I know that the reflexive ACL is unable to pass through the IPSec tunnel so what should I do to make it work ?

Thank you.

Labels:
Preview file
28 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents