Cisco Router and IP Protocols for IPsec
Markus Hofmann
markus at HOFMAR.DE
Mon Jan 10 10:09:21 EST 2000
On Fri, 7 Jan 2000, Dana J. Dawson wrote:
> access-list 100 permit esp any host 1.2.3.4
> access-list 100 permit ahp any host 1.2.3.4
> access-list 100 permit udp any host 1.2.3.4 eq isakmp
>
> The above list allows IPSec traffic from anywhere (the "any" keyword) to the
> host at IP address "1.2.3.4".
This only allows incoming ipsec packets. Additionally you need to set up the
same ACLs in the other direction.
access-list 100 permit esp any host 1.2.3.4
access-list 100 permit ahp any host 1.2.3.4
access-list 100 permit udp any host 1.2.3.4 eq isakmp
access-list 100 permit esp host 1.2.3.4 any
access-list 100 permit ahp host 1.2.3.4 any
access-list 100 permit udp host 1.2.3.4 any eq isakmp
yours sincerely
M. Hofmann
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Markus Hofmann Phone: +49 170 2848250
St. Urbanusstr. 15 Fax: +49 9371 2032
E-Mail: hofmann at hofmar.de
63927 Buergstadt SMS-Mail: sms at hofmar.de (Only Subject)
Germany PGP-Keys: look at http://www.hofmar.de
---------------------------------------------------------------------
Only written with 100% recyclable electrons!
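
The check this reply describes, as an added example that is not part of the original message: a small Python script that reads extended ACL lines and reports IPsec flows (ESP, AH, ISAKMP) permitted in only one direction. The function names are hypothetical, the sample ACLs are built from the lines in the thread, and the parser assumes only the `any` / `host x.x.x.x` address forms and an `eq` destination port.

```python
import re

# Constructed samples: the one-direction list quoted in the thread and the
# two-direction list from the reply (1.2.3.4 is the thread's example host).
ONE_WAY = """\
access-list 100 permit esp any host 1.2.3.4
access-list 100 permit ahp any host 1.2.3.4
access-list 100 permit udp any host 1.2.3.4 eq isakmp
"""
TWO_WAY = ONE_WAY + """\
access-list 100 permit esp host 1.2.3.4 any
access-list 100 permit ahp host 1.2.3.4 any
access-list 100 permit udp host 1.2.3.4 any eq isakmp
"""

# Assumption: addresses appear only as "any" or "host <ip>" (no wildcard masks).
ADDR = r"(any|host \S+)"
RULE = re.compile(
    rf"^access-list (\d+) permit (esp|ahp|udp) {ADDR} {ADDR}(?: eq (\S+))?$"
)

def parse(acl_text):
    """Return the set of (protocol, source, destination) IPsec permits."""
    flows = set()
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a permit line for an IPsec-related protocol
        _, proto, src, dst, port = m.groups()
        if proto == "udp":
            # Only UDP to the ISAKMP port (500) is part of IPsec key exchange.
            if port not in ("isakmp", "500"):
                continue
            proto = "isakmp"
        flows.add((proto, src, dst))
    return flows

def missing_reverse(acl_text):
    """List the reverse-direction flows that the ACL does not permit."""
    flows = parse(acl_text)
    return sorted((p, d, s) for (p, s, d) in flows if (p, d, s) not in flows)

if __name__ == "__main__":
    for name, acl in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, "missing:", missing_reverse(acl))
```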
VPN is sponsored by SecurityFocus.COM