VPN IPSEC quick question

Posted on 2009-07-14
Last Modified: 2012-05-07
If I have IPsec tunnels to and from my sites, do they bypass any ACLs on those sites?

i.e.:
I have 172.16.1.0 and 172.16.2.0. They have a tunnel between themselves over the internet.
If I have an ACL on the 172.16.1.0 firewall that says "deny ip any any", applied to the inside interface, will the tunnel still work?
Question by: WERAracer
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 24852635
With Cisco ASAs, the commands "sysopt connection permit-ipsec" and "sysopt connection permit-vpn" allow packets from an IPsec tunnel to bypass ACLs on the security appliance.

The tunnels will usually not work without it.  

Here's the reference: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution12
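As an added illustration, not part of the original thread or of any Cisco document, here is what the site 1 ASA (the 172.16.1.0/24 side) would look like in 8.2-era syntax, showing the bypass the accepted answer refers to next to the explicit-ACL alternative. The interface addresses, peer address, ACL and crypto-map names, transform set and pre-shared key are all assumed for the example. The point worth checking against the original question: sysopt connection permit-vpn exempts decrypted traffic arriving through the tunnel from the access-group on the interface the tunnel terminates on (outside). It does nothing for an ACL applied inbound on the inside interface, which filters cleartext from inside hosts before the crypto map ever sees it, so a bare deny ip any any there stops traffic into the tunnel whatever the sysopt setting.

```cisco
! Site 1 ASA, 172.16.1.0/24 behind "inside". Example configuration, not from the thread.
! Assumed: outside 198.51.100.1, remote peer 203.0.113.2, ASA 8.2-style NAT and ISAKMP syntax.
hostname site1-asa
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.248
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
! Crypto ACL: traffic that is encrypted toward site 2 (assumed name SITE2_CRYPTO)
access-list SITE2_CRYPTO extended permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
! Keep the site-to-site traffic out of NAT (8.2-style nat 0 exemption)
access-list NONAT extended permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address SITE2_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key ExamplePSK-ChangeMe
!
! ---- Pick ONE of the two options below ----
!
! Option A (the ASA default, and what the accepted answer relies on):
! packets decrypted from the tunnel skip the ACL bound to the outside interface.
sysopt connection permit-vpn
!
! Option B: disable the bypass and permit the remote subnet explicitly in the
! outside ACL, so tunnel traffic is filtered like any other inbound traffic.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit ip 172.16.2.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Under either option the inside ACL is NOT bypassed. With only this entry,
! inside hosts can never send anything into the tunnel:
!   access-list INSIDE_IN extended deny ip any any
! The inside ACL has to permit the remote subnet before any final deny:
access-list INSIDE_IN extended permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
```

To see which mode is in effect, use show running-config all sysopt (the all keyword includes default settings, which plain show running-config omits), and confirm traffic is flowing in both directions with show crypto ipsec sa, where the encaps and decaps counters for the 172.16.1.0/24 to 172.16.2.0/24 pair should both increase. Option B is the one to prefer when the far site is not fully trusted, because it lets the outside ACL restrict what the remote subnet may reach rather than admitting everything the crypto ACL matches.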