access-list 101 permit esp host x.y.z.1 host a.b.c.d
access-list 101 permit ahp host x.y.z.1 host a.b.c.d

CM
----- Original Message -----
From: Jim Bond 
To: 
Sent: Saturday, 18 August, 2001 01:59
Subject: RE: Access list to allow IPSEC traffic through? [7:16367]


> How to permit or deny IP protocol 50 or 51?
> Access-list 100-199?
>
> Thanks in advance.
>
> Jim
>
> --- Kent Hundley  wrote:
> > Andy,
> >
> > For future reference, when in doubt it's always best
> > to go to the source, i.e.
> > the RFCs.  You can get a complete reference of the
> > RFCs at:
> >
> > http://www.rfc.net
> >
> > Having said this, in general for IPSec to work
> > you'll need to allow ISAKMP,
> > which uses UDP port 500.  This is _usually_ both the
> > source and destination
> > port, but not always.  Some VPN clients use a random
> > UDP source port, so
> > you'll have to allow for that unless you know for a
> > fact that your VPN
> > clients don't have this behavior.
> >
> > If you use ESP only (which is common), you just need
> > to also allow IP
> > protocol number 50.  If you use AH, you need to also
> > allow IP protocol 51.
> > (_not_ TCP/UDP port numbers, IP protocol numbers)
> > These will be both the
> > source and destination IP protocols.
> >
> > HTH,
> > Kent
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Andy
> > Sent: Friday, August 17, 2001 6:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: Access list to allow IPSEC traffic through?
> > [7:16367]
> >
> >
> > Hi
> >
> > Does anyone know the correct requirements to allow
> > IPSEC traffic through an
> > access list on a perimeter router? Everything works
> > OK without the access
> > list in place.
> >
> > I know it's something to do with allowing the
> > correct port numbers/protocols
> > through, etc... but can't seem to find any more
> > info.
> >
> > Any help greatly appreciated.
> >
> >
> > Andy
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16434&t=16367
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
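
The three requirements named in the thread (ISAKMP on UDP port 500, ESP as IP protocol 50, AH as IP protocol 51) written as a check over extended ACL lines; this is an added example, not part of any poster's message. It parses only the `permit|deny proto src [eq port] dst [eq port]` subset and tests the peer-to-local direction; the addresses 192.0.2.1 and 198.51.100.7 and all function names are constructed for illustration.

```python
import ipaddress
# IOS protocol keywords -> IP protocol number (esp/ahp are protocols, not ports)
PROTO = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ahp": 51}

def _addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return (matcher, rest)."""
    if tok[0] == "any":
        return (lambda ip: True), tok[1:]
    if tok[0] == "host":
        return (lambda ip: ip == tok[1]), tok[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (lambda ip: (int(ipaddress.IPv4Address(ip)) & care) == (base & care)), tok[2:]

def _port(tok):  # consume an optional 'eq PORT'; return (port or None, rest)
    if tok[:1] == ["eq"]:
        return (500 if tok[1] == "isakmp" else int(tok[1])), tok[2:]
    return None, tok

def parse(line):
    tok = line.split()  # access-list N action proto src [eq p] dst [eq p]
    action, proto = tok[2], tok[3]
    src, tok = _addr(tok[4:])
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, _ = _port(tok)
    return action, (PROTO[proto] if proto in PROTO else int(proto)), src, sport, dst, dport

def permits(acl, proto, src, dst, sport=None, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p in (None, proto) and s(src) and d(dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action == "permit"
    return False

def ipsec_gaps(acl, peer, local, sport=500):
    """Return which of the thread's three IPsec requirements the ACL blocks."""
    probes = {"ISAKMP udp/500": (17, sport, 500),
              "ESP proto 50": (50, None, None), "AH proto 51": (51, None, None)}
    return [name for name, (pr, sp, dp) in probes.items()
            if not permits(acl, pr, peer, local, sp, dp)]

# Constructed sample: documentation addresses stand in for x.y.z.1 / a.b.c.d
PEER, LOCAL = "192.0.2.1", "198.51.100.7"
ESP_AH = [f"access-list 101 permit esp host {PEER} host {LOCAL}",
          f"access-list 101 permit ahp host {PEER} host {LOCAL}"]
STRICT = [f"access-list 101 permit udp host {PEER} eq isakmp host {LOCAL} eq isakmp"] + ESP_AH
LOOSE = [f"access-list 101 permit udp host {PEER} host {LOCAL} eq isakmp"] + ESP_AH
```

Calling `ipsec_gaps(STRICT, PEER, LOCAL, sport=40000)` models the random UDP source port case from Kent's reply: the entry that pins the source port to `isakmp` no longer matches, while `LOOSE` still passes.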