	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

06/03/2009 at 02:42PM PDT, ID: 24461822

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

5.0

Access Lists on IPSEC VTIs (Cisco IOS)

Asked by Pres_Fltsimbuff in IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)

Tags: Cisco IOS IPSEC VTI Tunnel ACL

I have converted some Crypto maps on Cisco IOS to to use Tunnel interfaces. Unfortunately, I have found that traffic is not obeying the "ip access-group xxx in" command on the tunnel interface. Everything just bypasses the list. With crypto maps, I'd add this using "set ip access-group xxx in" on the map entry.

Is there somewhere else I ought to be putting the access list?

This is IOS 12.4

View the Solution FREE for 30 Days

         
           
           
             interface Tunnel2
 ip unnumbered Vlan1
 ip access-group 135 in
 tunnel source x.x.x.x
 tunnel destination y.y.y.y
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TUNNEL_PROFILE
 
Extended IP access list 135
    10 permit tcp any any established
    20 permit icmp any any echo-reply
    30 deny ip any any log

           
         

20090824-EE-VQP-74 - Hierarchy / EE_QW_3_20080625

1. JFrederic...35,450
2. lrmoore33,932
3. MikeKane33,565
4. bignewf31,648
5. ikalmar28,425
6. RobWill23,749
7. arnold22,751
8. jodylemoine21,600
9. dpk_wal21,550
10. asavener20,650
11. Qlemo19,735
12. deimark18,355
13. kenboonejr14,500
14. 3nerds13,600
15. surbabu1...11,950
16. mitrushi11,500
17. batry_boy11,000
18. RPPreacher9,250
19. geergon8,700
20. MrHusy8,416
21. Paranorm...7,664
22. equalizer7,500
23. Quori7,125
24. ccomley7,000
25. decoleur6,844

1. lrmoore434,514
2. RobWill220,523
3. batry_boy130,817
4. richrumble111,117
5. rsivanandan66,407
6. dpk_wal65,975
7. arnold61,186
8. JFrederic...55,250
9. ahoffmann44,523
10. Cyclops3...41,977
11. MikeKane40,065
12. bignewf36,048
13. decoleur35,858
14. grblades35,012
15. harbor23534,898
16. pseudocy...34,059
17. PeteLong29,855
18. Qlemo29,075
19. ikalmar28,425
20. tim_holman27,445
21. kbbcnet26,524
22. MrHusy26,116
23. ebjers25,140
24. RPPreacher24,592
25. Voltz-dk24,020

Access Lists on IPSEC VTIs (Cisco IOS)

Asked by Pres_Fltsimbuff in IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)

Tags: Cisco IOS IPSEC VTI Tunnel ACL

About this solution