PerimeterIT
asked on
ACL to filter ipsec traffic
We have a branch office connected to our main site with an IPSEC tunnel.
Inside said office is a printer that someone at the main site won't stop printing too by accident.
How can we setup an ACL to block all traffic to the specific IP of the printer and so we can SYSLOG who is doing it?
Inside said office is a printer that someone at the main site won't stop printing too by accident.
How can we setup an ACL to block all traffic to the specific IP of the printer and so we can SYSLOG who is doing it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if that your normal ACL to go from Site B (10.10.10.0/24) to your HQ site (20.20.20.0/24)
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
so let's say that your Printer IP in HQ Site is 20.20.20.5 and you want to deny it from ip 10.10.10.5 you simply modify it to be:
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# deny ip host 10.10.10.5 host 20.20.20.5 log
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255