Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
0
Helpful
1
Replies

VPN traffic need specific ACLs?

Go to solution
Michael Bradt
Level 1
Level 1

‎04-18-2014 08:53 AM

I'm having an issue with DCs replicating and wanted to rule out the ASAs each are using for the VPN tunnels. 

Once the VPN established does traffic still need an any any ip ACL to allow any and all inside traffic between these two subnets?

This is between a 5510 and 5505.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lee Valentin
Level 1
Level 1

‎04-18-2014 10:27 AM

No, the any any is not required. The traffic that is configured for VPN is only interesting traffic designated to be encrypted. All other traffic is not encrypted and therefore does not pass through this tunnel.

If you feel the ASA is causing an issue and you control the devices on either side, you can capture the traffic and export to .pcap to wireshark for analysis.

Good luck

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Lee Valentin
Level 1
Level 1

‎04-18-2014 10:27 AM

No, the any any is not required. The traffic that is configured for VPN is only interesting traffic designated to be encrypted. All other traffic is not encrypted and therefore does not pass through this tunnel.

If you feel the ASA is causing an issue and you control the devices on either side, you can capture the traffic and export to .pcap to wireshark for analysis.

Good luck

0 Helpful
Customers Also Viewed These Support Documents