I think it's OK to let the VPN traffic in on the serial interface through the access-list. I haven't been able to get it to wok any other way.
""Mark Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Just a small note on your #3 question: > While reading up on implementing VPN Tunnels terminated between two Cisco > routers, I came across a blurb from the CCO site stating that Cisco is > recommending you choose IPSEC for VPN tunnels, as they are moving away from > (it's already deemed obsolete) CET based VPNs. I can't remember if they > stated that the were even going to REMOVE CET from the IOS after a certain > version, but it's possible. > > I'd go into answering your first two questions, but I just did an > all-nighter on a VoIP with VPN Tunnels trial, and am way too tired to > collect the words needed to answer :) > > Just remember - IPSEC is the standard, so it probably would be wise (for the > future) to implement it, rather than a vendor proprietary solution. > > Mark Odette II > StellarConnection Services > CCNA, 3/4 CCNP, etc., etc. > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Ramesh c > Sent: Wednesday, December 05, 2001 5:06 AM > To: [EMAIL PROTECTED] > Subject: IOS firewall [7:28170] > > > Hi folx, > > I got a lease line connected to private network and ethernet port connected > to Internet.The router is configured as IOS firewall.I am planning to do a > VPN to another office. > > 1)Can I turn off CBAC and just use the access-list for security purpose? > 2)As default Outside cannot reach inside,if i just create an access-list to > allow packets from VPN to reach inside..is it safe? > > 3)Since its cisco devices..which VPN is good CET or IPSEC? > > Cheers > Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28195&t=28170 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
