ASA VPN Tunnel access list WARNING
Posted on 2011-09-02
I have a site-to-site VPN tunnel set up and working between a 5520 and 5505. However, when locking down the crypto access-list by specific ports, I received the following warning:
WARNING: access-list has port selectors. This may impact performance.
An example is:
access-list outside_cryptomap ext permit tcp 172.16.0.0 255.255.255.0 host 10.200.0.40 eq 3389
So should I only use ip instead?
access-list outside_cryptomap ext permit ip 172.16.0.0 255.255.255.0 host 10.200.0.40
If so, what is the recommendation on how to lock this down? Or perhaps I should just ignore the 'This may impact performance' warning?