Site-to-Site VPN using IPSEC

c.albrisi
Level 1

Hi everybody,

I want to build a VPN between two sites. They are using two IOS routers (2610) connected to the Internet using a leased line; both are actually equipped with IOS Firewall, with also an inbound access-list and CBAC. The access-list denies anything that is not originated from inside.

I know that I have to permit AHP and ESP + UDP 500. But what will happen to incoming encrypted Telnet traffic, for example: will it be evaluated against the existing access-list or not?

2 Replies

cdbush
Level 1

Not if it's inside the IPSEC tunnel. IPSEC will put its own headers on the packet and they will be removed after the packet has been authenticated at the far end router. The original packet with the original header will then be forwarded to the inside of your network.

jbohla
Level 1

It really depends on how your ACL is written. Once you allow the inbound for encryption, the rest of the ACL should still deny other inbound traffic. I started off by looking at the config examples on the TAC pages, but be sure to test them first.
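The setup the thread describes, as an added IOS configuration example (not posted by anyone in the thread): a leased-line interface with an inbound ACL that permits only ISAKMP, ESP and AH from the known peer, CBAC for sessions started inside, and a crypto map for the LAN-to-LAN traffic. All addresses, names and the pre-shared key are constructed placeholders.

```cisco
! Constructed sample values (not from the thread):
! local LAN 10.1.1.0/24 behind Serial0/0 (192.0.2.1),
! remote LAN 10.2.2.0/24 behind the peer 198.51.100.1
!
! Phase 1 (ISAKMP) policy and peer key
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER-PSK address 198.51.100.1
!
! Phase 2 (IPsec) transform set
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
! Only LAN-to-LAN traffic is sent through the tunnel
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto map CM 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 110
!
! Inbound ACL on the Internet interface: allow the IPsec control and
! data protocols only from the known peer (UDP 500 = isakmp, ESP, AH);
! everything else is denied unless CBAC opened it for an inside-initiated session.
access-list 101 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
access-list 101 permit esp host 198.51.100.1 host 192.0.2.1
access-list 101 permit ahp host 198.51.100.1 host 192.0.2.1
access-list 101 deny ip any any log
!
! CBAC inspection of sessions initiated from the inside
ip inspect name FW tcp
ip inspect name FW udp
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 ip inspect FW out
 crypto map CM
```

Whether the decrypted Telnet packet is evaluated against access-list 101 a second time depends on the IOS release, so test it: open a Telnet session from the remote LAN and compare the hit counters in `show access-lists` and the decrypt counters in `show crypto ipsec sa` before and after.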