Hi, I'm setting up a GET VPN environment on a Security ProctorLabs pod. My scenario looks like this:

Used devices: cat2, r1, r7, r8

cat2:
  vlan 2, int vlan 2: ip addr 2.2.2.254
  vlan 7, int vlan 7: ip addr 7.7.7.254
  vlan 8, int vlan 8: ip addr 8.8.8.254

Server: r1
Clients: r7 and r8

r1: fa0/1: ip addr 2.2.2.1, lo0: 22.22.22.1. Default route to fa0/1.
r7: fa0/0: ip addr 7.7.7.1, lo0: 77.77.77.1. Default route to fa0/0.
r8: fa0/0: ip addr 8.8.8.1, lo0: 88.88.88.1. Default route to fa0/0.

I want to protect traffic between the loopbacks of my routers, but I'm not sure how I have to configure my ACL to match only this traffic. The Cisco documentation states: "Ensure that your ACL starts with a deny statement if all traffic does not need to be encrypted." So in my case, this would be the following ACL?

ip access-list extended GET_VPN
 deny ip host 2.2.2.1 any
 deny ip host 8.8.8.1 any
 deny ip host 7.7.7.1 any
 permit ip host 22.22.22.1 any
 permit ip host 77.77.77.1 any
 permit ip host 88.88.88.1 any

TIA. Have a nice weekend

Simon
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
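As an added illustration (not part of Simon's post or of any Cisco tool), the following Python evaluator applies first-match semantics to the ACL quoted above so you can see which flows in this topology would be encrypted and which would go in the clear. It assumes the usual GET VPN reading of the crypto ACL on a group member (permit = encrypt, deny = send in clear, no match = implicit deny) and handles only `ip` entries with `any`, `host` or address/wildcard forms.

```python
import ipaddress

# Constructed copy of the ACL from the post above (entries only, no header line).
POSTED_ACL = """
deny   ip host 2.2.2.1    any
deny   ip host 8.8.8.1    any
deny   ip host 7.7.7.1    any
permit ip host 22.22.22.1 any
permit ip host 77.77.77.1 any
permit ip host 88.88.88.1 any
"""

def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A WILDCARD') and return
    (network, remaining tokens). Cisco wildcard bits are inverted to a netmask."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    wildcard = int(ipaddress.ip_address(tokens[1]))
    netmask = ipaddress.ip_address(0xFFFFFFFF ^ wildcard)
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]

def parse_acl(text):
    """Return a list of (action, src_net, dst_net) for 'permit|deny ip SRC DST' lines."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens[0], tokens[1]
        if proto != "ip":
            raise ValueError("only 'ip' entries are handled in this example")
        src, rest = _parse_addr(tokens[2:])
        dst, _ = _parse_addr(rest)
        entries.append((action, src, dst))
    return entries

def classify(acl, src, dst):
    """First matching entry wins (assumed group-member behaviour): 'permit' means
    encrypt, 'deny' means forward in clear, and no match is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return "encrypt" if action == "permit" else "clear"
    return "clear"

if __name__ == "__main__":
    acl = parse_acl(POSTED_ACL)
    for flow in [("77.77.77.1", "88.88.88.1"), ("7.7.7.1", "2.2.2.1"), ("77.77.77.1", "2.2.2.1")]:
        print(flow, "->", classify(acl, *flow))
```

Running it shows loopback-to-loopback traffic classified as encrypt and interface-to-interface traffic (such as r7 reaching the key server at 2.2.2.1) as clear, while a flow from a loopback to 2.2.2.1 is also encrypt because the permit entries match on source only; checking a few such flows before deploying is a cheap way to confirm the ACL covers exactly the traffic you intend.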
