Cisco Router and IP Protocols for IPsec
Chen, Ken C
ken.c.chen at LMCO.COM
Mon Jan 10 16:54:56 EST 2000
Thanks for everyone's reply to this subject!
One last question, do I need TCP open for IPsec to function properly? I
know there is an implicit deny all at the end of the list, but just thought
I'd throw in a line just to be safe... and for clarification.
-----Original Message-----
From: Markus Hofmann [mailto:markus at HOFMAR.DE]
Sent: Monday, January 10, 2000 10:09 AM
To: VPN at SECURITYFOCUS.COM
Subject: Re: Cisco Router and IP Protocols for IPsec
On Fri, 7 Jan 2000, Dana J. Dawson wrote:
> access-list 100 permit esp any host 1.2.3.4
> access-list 100 permit ahp any host 1.2.3.4
> access-list 100 permit udp any host 1.2.3.4 eq isakmp
>
> The above list allows IPSec traffic from anywhere (the "any" keyword) to the
> host at IP address "1.2.3.4".
This only allows incoming IPsec packets. Additionally, you need to set up the
same ACLs in the other direction.
access-list 100 permit esp any host 1.2.3.4
access-list 100 permit ahp any host 1.2.3.4
access-list 100 permit udp any host 1.2.3.4 eq isakmp
access-list 100 permit esp host 1.2.3.4 any
access-list 100 permit ahp host 1.2.3.4 any
access-list 100 permit udp host 1.2.3.4 any eq isakmp
yours sincerely
M. Hofmann
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Markus Hofmann Phone: +49 170 2848250
St. Urbanusstr. 15 Fax: +49 9371 2032
E-Mail: hofmann at hofmar.de
63927 Buergstadt SMS-Mail: sms at hofmar.de (Only Subject)
Germany PGP-Keys: look at http://www.hofmar.de
---------------------------------------------------------------------
Only written with 100% recyclable electrons!
VPN is sponsored by SecurityFocus.COM
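
Added example (not part of the thread and not written by its participants): a Python check that evaluates the ACL lines posted above with first-match semantics and the implicit deny, and reports which IPsec flows (ESP, AH, ISAKMP on UDP 500) the list does not permit in each direction. The remote peer 192.0.2.10, the function names, and the assumption that ISAKMP uses port 500 at both ends are constructed for this example.

```python
import re

# Constructed checker; handles only 'any' / 'host A.B.C.D' and 'eq <port>'.
PORTS = {"isakmp": 500}                                  # IOS keyword -> UDP port
REQUIRED = [("esp", None), ("ahp", None), ("udp", 500)]  # udp: assumes 500 at both ends
LINE = re.compile(r"access-list \d+ (permit|deny) (\S+) (any|host \S+)(?: eq (\S+))?"
                  r" (any|host \S+)(?: eq (\S+))?$")
INBOUND_ONLY = """\
access-list 100 permit esp any host 1.2.3.4
access-list 100 permit ahp any host 1.2.3.4
access-list 100 permit udp any host 1.2.3.4 eq isakmp
"""
BOTH_WAYS = INBOUND_ONLY + """\
access-list 100 permit esp host 1.2.3.4 any
access-list 100 permit ahp host 1.2.3.4 any
access-list 100 permit udp host 1.2.3.4 any eq isakmp
"""

def _host(a):   # 'any' -> None (matches everything), 'host X' -> 'X'
    return None if a == "any" else a.split()[1]

def _port(p):   # absent -> None (unconstrained), keyword or number -> int
    return None if p is None else PORTS.get(p) or int(p)

def parse(acl_text):
    entries = []
    for line in filter(None, map(str.strip, acl_text.splitlines())):
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, src, sp, dst, dp = m.groups()
        entries.append((action, proto, _host(src), _port(sp), _host(dst), _port(dp)))
    return entries

def decide(entries, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, sp, d, dp in entries:
        if (p in (proto, "ip") and s in (None, src) and d in (None, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"

def missing_ipsec_flows(acl_text, local, remote):
    """(direction, protocol) pairs that the list, as written, does not permit."""
    entries = parse(acl_text)
    return [(direction, proto)
            for direction, src, dst in (("in", remote, local), ("out", local, remote))
            for proto, port in REQUIRED
            if decide(entries, proto, src, port, dst, port) != "permit"]
```

Calling `missing_ipsec_flows(INBOUND_ONLY, "1.2.3.4", "192.0.2.10")` lists the three outbound flows as unpermitted, while `BOTH_WAYS` returns an empty list; the check evaluates the list as text and does not model which interface or direction it is bound to.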