Cisco Router and IP Protocols for IPsec

Markus Hofmann markus at HOFMAR.DE
Mon Jan 10 10:09:21 EST 2000


On Fri, 7 Jan 2000, Dana J. Dawson wrote:

>     access-list 100 permit esp any host 1.2.3.4
>     access-list 100 permit ahp any host 1.2.3.4
>     access-list 100 permit udp any host 1.2.3.4 eq isakmp
>
> The above list allows IPSec traffic from anywhere (the "any" keyword) to the
> host at IP address "1.2.3.4".

This only allows incoming ipsec packets. Additionally, you need to set up the
same ACLs in the other direction.

access-list 100 permit esp any host 1.2.3.4
access-list 100 permit ahp any host 1.2.3.4
access-list 100 permit udp any host 1.2.3.4 eq isakmp
access-list 100 permit esp host 1.2.3.4 any
access-list 100 permit ahp host 1.2.3.4 any
access-list 100 permit udp host 1.2.3.4 any eq isakmp

yours sincerely

M. Hofmann

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Markus Hofmann          Phone:    +49 170 2848250
St. Urbanusstr. 15      Fax:      +49 9371 2032
                        E-Mail:   hofmann at hofmar.de
63927 Buergstadt        SMS-Mail: sms at hofmar.de (Only Subject)
Germany                 PGP-Keys: look at http://www.hofmar.de
---------------------------------------------------------------------
         Only written with 100% recyclable electrons!

VPN is sponsored by SecurityFocus.COM
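
The difference between the three-line and the six-line list, as an added example that is not part of the original posts: a small Python model of first-match ACL evaluation with the implicit deny at the end, assuming the one list filters traffic in both directions. The peer address 198.51.100.7 and all function names are constructed for illustration.

```python
# Added example (not from the original post): first-match evaluation of the
# access-list lines quoted in this thread, with the implicit deny at the end.
import ipaddress

PROTO = {"esp": 50, "ahp": 51, "udp": 17}  # IP protocol numbers
PORT = {"isakmp": 500}                     # port keyword used on the page

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None stands for 'any'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word!r}")

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest = t[4:]
    rule = {"action": t[2], "proto": PROTO[t[3]],
            "src": _addr(rest), "dst": _addr(rest), "dport": None}
    if rest:  # only a destination-port 'eq' match is modelled here
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError(f"unsupported port match: {line!r}")
        rule["dport"] = PORT.get(rest[1]) or int(rest[1])
    return rule

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule, else the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (r["proto"] == proto and r["src"] in (None, src)
                and r["dst"] in (None, dst) and r["dport"] in (None, dport)):
            return r["action"]
    return "deny"

HOST, PEER = "1.2.3.4", "198.51.100.7"  # PEER is a constructed sample address
INBOUND_ONLY = [parse(f"access-list 100 permit {m}") for m in (
    f"esp any host {HOST}", f"ahp any host {HOST}",
    f"udp any host {HOST} eq isakmp")]
BOTH_WAYS = INBOUND_ONLY + [parse(f"access-list 100 permit {m}") for m in (
    f"esp host {HOST} any", f"ahp host {HOST} any",
    f"udp host {HOST} any eq isakmp")]

if __name__ == "__main__":
    for name, acl in (("3-line", INBOUND_ONLY), ("6-line", BOTH_WAYS)):
        for proto in ("esp", "ahp"):
            print(name, proto, "to host:", evaluate(acl, PROTO[proto], PEER, HOST),
                  "| from host:", evaluate(acl, PROTO[proto], HOST, PEER))
```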