What ACLs is VPN traffic subject to on a PIX?

Steven Holl
Cisco Employee

Okay, so I have two PIX devices connected with a site2site VPN tunnel. The crypto map is applied to the outside interfaces.

There are also ACLs blocking certain traffic applied 'in' the outside DMZ interface.

Is traffic from PIX B's internal network subject to the ACLs on PIX A's outside ACL? Or does being a member of the VPN tunnel bypass this outside ACL? What ACLs does PIX B's internal network traffic go through to get to PIX A's internal network?


Steven Holl
Cisco Employee

Okay, doing more research... if the 'sysopt connection permit ipsec' command is enabled, then any VPN traffic is permitted to flow from PIX-B's inside interface to PIX-A's inside interface and bypass all ACLs.

:-)
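As an added example (not from the original thread), here is a PIX A configuration fragment showing the two behaviours the question hinges on: with `sysopt connection permit-ipsec` set, decrypted tunnel traffic skips the outside interface ACL; with it cleared, that traffic must be permitted explicitly. The hyphenated form is the PIX 6.x spelling of the command (later PIX/ASA releases renamed it `sysopt connection permit-vpn`); interface names, addresses, ACL names and the transform-set are assumed placeholders, ISAKMP policy lines are omitted, and comment lines start with `!`.

```text
! --- PIX A, common part: site-to-site tunnel terminated on the outside interface ---
! Interesting traffic: PIX A inside (10.1.0.0/16) <-> PIX B inside (10.2.0.0/16)
access-list vpn_to_pixb permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address vpn_to_pixb
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside

! Inbound ACL on outside: only IKE and ESP from the peer are allowed in
access-list outside_in permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
access-list outside_in permit esp host 203.0.113.2 host 203.0.113.1
access-list outside_in deny ip any any
access-group outside_in in interface outside

! --- Variant 1: tunnel traffic bypasses outside_in ---
sysopt connection permit-ipsec
! Any host in 10.2.0.0/16 can now reach any host in 10.1.0.0/16 through the
! tunnel; outside_in is never consulted for the decrypted packets, so the
! only filtering of PIX B's users happens on PIX B (or not at all).

! --- Variant 2: tunnel traffic is subject to the outside interface ACL ---
no sysopt connection permit-ipsec
! Decrypted packets are now checked against the inbound outside ACL, so the
! permitted flows from the remote site must be listed explicitly. A new ACL
! is bound in place of outside_in so the permits land before the final deny.
access-list outside_in_strict permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
access-list outside_in_strict permit esp host 203.0.113.2 host 203.0.113.1
access-list outside_in_strict permit tcp 10.2.0.0 255.255.0.0 host 10.1.5.20 eq 443
access-list outside_in_strict permit icmp 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list outside_in_strict deny ip any any
access-group outside_in_strict in interface outside
```

In Variant 2 the crypto ACL (vpn_to_pixb) still decides what gets encrypted, while outside_in_strict decides what decrypted traffic is accepted, so both must agree for a flow to work.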
