Cisco ESW-520-48P-K9 Software Guide - Page 87
Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation

Configuration Example

!
! Utilize NAT overload in order to make best use of the
! single address provided by the ISP.
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 210.110.101.1
no ip http server
!
!
! ACL 102 matches the addresses used for NAT.
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
! ACL 103 defines traffic allowed from the peer for the IPsec tunnel.
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
! ICMP is allowed for debugging, but should be disabled because of security implications.
access-list 103 permit icmp any any
! Prevents Internet-initiated traffic inbound.
access-list 103 deny ip any any
! ACL 105 matches addresses for the IPsec tunnel to or from the corporate network.
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run

OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 7-11
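The following is an added example, not part of the Cisco guide: a small first-match evaluator for ACL 103 that shows what the ICMP debugging entry admits and what changes once it is removed. It understands only the syntax used in ACL 103 (any, host, eq isakmp); the packet addresses 198.51.100.7 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress
# ACL 103 as it appears in the configuration on this page.
ACL_103 = """\
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any
access-list 103 deny ip any any
"""
# The same list with the debugging ICMP entry removed.
ACL_103_NO_ICMP = ACL_103.replace("access-list 103 permit icmp any any\n", "")
ISAKMP_PORT = 500  # the IOS keyword "isakmp" is UDP port 500

def _endpoint(tokens):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq isakmp'."""
    if tokens[0] == "any":
        addr, rest = None, tokens[1:]
    elif tokens[0] == "host":
        addr, rest = ipaddress.ip_address(tokens[1]), tokens[2:]
    else:
        raise ValueError(f"unsupported address form: {tokens[0]}")
    port = None
    if rest[:2] == ["eq", "isakmp"]:
        port, rest = ISAKMP_PORT, rest[2:]
    return addr, port, rest

def parse_acl(text):
    """Turn each 'access-list N action proto src dst' line into a rule tuple."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        src, sport, rest = _endpoint(tok[4:])
        dst, dport, _ = _endpoint(rest)
        rules.append((tok[2], tok[3], src, sport, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src) and r_dst in (None, dst)
                and r_sport in (None, sport) and r_dport in (None, dport)):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed packet: ICMP from an unrelated Internet host.
    for name, acl in (("as written", ACL_103), ("ICMP removed", ACL_103_NO_ICMP)):
        print(name, evaluate(parse_acl(acl), "icmp", "198.51.100.7", "203.0.113.10"))
```

With the list as written, ICMP from any source is permitted; with the entry removed, only IKE and ESP from 200.1.1.1 pass and everything else reaches the final deny.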