10-23-2019 06:25 PM - edited 02-21-2020 09:47 PM
We have 2 routers connected to each other via an IPSec tunnel. Both routers are on private networks, so there is no NAT going on.
The IPSec tunnel is fine and traffic is flowing between the local networks (crypto map/access lists are fine) via the tunnel.
I know I need to secure the outside interface but am unsure what sort of ACL is needed so that only IPSec traffic is allowed both in and out, and no other traffic enters/leaves the router unless it is via the IPSec tunnel.
10-23-2019 07:21 PM
10-27-2019 11:48 AM
Yes, the routers are on private subnets as they are internal routers. This particular one requires IPSec between the endpoints to secure the traffic, so basically all traffic from the LAN needs to go through the VPN, with nothing going through the outside interface.
10-27-2019 07:57 PM
10-27-2019 11:49 PM
Yes, I applied an ACL for IPSec on the outside interface in the IN direction and it appears to be working. All other LAN traffic is listed as interesting traffic for the VPN.
Is this enough to prevent any traffic leaving the router unencrypted?
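One way to build the outside-interface ACL asked about at the top of the thread, and to check the follow-up question about cleartext leaving the router, as an added example that is not from any poster's configuration: the LAN and peer addresses, the interface, the ACL names and the crypto map name VPN-MAP are all assumed, and the outbound ACL relies on IOS evaluating outbound interface ACLs on the cleartext packet before the crypto map encrypts it.

```cisco
! Constructed addresses for this example (not from the thread):
!   local LAN 10.0.1.0/24, remote LAN 10.0.2.0/24
!   local outside 192.0.2.1 on GigabitEthernet0/0, remote peer 198.51.100.1
! No NAT between the peers, so ISAKMP (UDP/500) and ESP are all the tunnel needs;
! NAT-T would additionally need "permit udp host <peer> host <local> eq non500-isakmp".
ip access-list extended OUTSIDE-IN
 remark IKE negotiation, from the known peer only
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 remark the encrypted tunnel packets themselves
 permit esp host 198.51.100.1 host 192.0.2.1
 remark anything else reaching the outside interface is dropped and logged
 deny ip any any log
!
! IOS checks an outbound interface ACL against the cleartext packet, before the
! crypto map encrypts it, so an outbound ACL permitting only ESP/ISAKMP would
! drop the LAN traffic the tunnel is meant to carry. Instead, permit exactly the
! traffic the crypto ACL encrypts; any other LAN packet would otherwise leave
! in cleartext, so it is denied and logged. Router-originated ISAKMP/ESP is not
! filtered by an outbound ACL, so it needs no entry here.
ip access-list extended OUTSIDE-OUT
 remark must match the crypto ACL (the "interesting traffic")
 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
 remark catches cleartext that would have bypassed the tunnel
 deny ip any any log
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip access-group OUTSIDE-OUT out
 crypto map VPN-MAP
```

The hit counter on the final deny of OUTSIDE-OUT (`show ip access-lists OUTSIDE-OUT`) shows whether any LAN traffic is trying to leave outside the tunnel; a non-zero count means the crypto ACL does not cover everything the LAN sends.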
10-30-2019 05:46 PM
11-14-2019 06:53 PM - edited 12-08-2022 06:05 AM
When configuring client SSH authentication using RSA, I pasted the key in the box indicated for the SG350 and got the error "Key header expected"; in the show CLI, no such information is listed?
Yes, once the <...> header was included, it configured through.
12-08-2022 06:03 AM
Would such a VPN setting (SSL or L2TP) block the LAG group LAN port router(s)' connection?