mattnmilw
asked on
PIX 525 that is doing NAT, ACL's and IPSec tunnels
If the client is terminating IPSec tunnels on the PIX. Will traffic still need to meet ACL criteria to be passed to the
trusted side of the PIX? The reason that I am asking is because of the way they have their PIX configured. This is not a
question about setting up an IPSec tunnel as much as the flow of the traffic. This tunnel is passing traffic. So what I want to verify is after the tunnel has agreed upon parameters and before traffic begins to flow, will it need to pass through the access-list acl_out before going to the trusted side?
trusted side of the PIX? The reason that I am asking is because of the way they have their PIX configured. This is not a
question about setting up an IPSec tunnel as much as the flow of the traffic. This tunnel is passing traffic. So what I want to verify is after the tunnel has agreed upon parameters and before traffic begins to flow, will it need to pass through the access-list acl_out before going to the trusted side?
Well i am not sure if i am reading this question right but when you permit ipsec peers or networks you add them to a seperate acl because you are normally trusting private Ip addresses. So unless your acl_out is tied to your crypto map statement then no it wouldnt go through that acl.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
good explanation of those commands and what they do.
hey lrmoore, yeah no long time no see for sure. As for Alabama they will be lucky to win a few more games and i dread playing Auburn.
hey lrmoore, yeah no long time no see for sure. As for Alabama they will be lucky to win a few more games and i dread playing Auburn.
I'll never hear the end of it. Wife's a big Auburn fan....
"that's what you get for showing off" (52-0 in game where Croyle got hurt at the very end)
"shouldn't have had him on the field anyway, shoulda let the backup QB's get a few plays in"
on and on and on.....
Thanks for the points, Matt!
"that's what you get for showing off" (52-0 in game where Croyle got hurt at the very end)
"shouldn't have had him on the field anyway, shoulda let the backup QB's get a few plays in"
on and on and on.....
Thanks for the points, Matt!