Hello group,

Topology: R1 <-> ASA <-> R2
Traffic between R1 lo0 (1.1.1.1) and R2 lo0 (2.2.2.2) is protected by an L2L IPsec tunnel.

I am using the following ACL on both inside and outside interfaces of ASA:

access-list VPN extended deny udp any any log
access-list VPN extended permit esp any any
access-group VPN in interface outside
access-group VPN in interface inside

but I am able to bring up the tunnel from both inside and outside ...

Shouldn't blocking UDP 500/4500 block tunnel construction?

Thanks in Advance,
- Asif
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
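A way to see what the ASA actually does with the IKE and ESP packets of a transit tunnel, as an added example that is not part of the original post. It uses only standard ASA show/packet-tracer/clear commands; the peer addresses 10.1.1.1 (R1, ASA inside) and 10.2.2.1 (R2, ASA outside) are assumed, since the post only gives the loopbacks, so substitute the real tunnel endpoints.

```cisco
! Added verification steps (not from the original post). The peer
! addresses 10.1.1.1 (R1, inside) and 10.2.2.1 (R2, outside) are assumed.

! 1. Hit counts: if IKE was really blocked, the deny ACE shows hitcnt>0
!    and the ESP permit ACE counts the data traffic.
show access-list VPN

! 2. The "log" keyword on the deny ACE produces %ASA-4-106100 messages;
!    look for UDP/500 and UDP/4500 denies from either interface.
show logging | include 106100

! 3. Simulate the tunnel setup through the ASA in both directions.
!    ISAKMP (UDP/500) from R1 toward R2, entering on inside:
packet-tracer input inside udp 10.1.1.1 500 10.2.2.1 500 detailed
!    the same from R2 toward R1, entering on outside:
packet-tracer input outside udp 10.2.2.1 500 10.1.1.1 500 detailed
!    NAT-T (UDP/4500), should hit the same deny ACE:
packet-tracer input inside udp 10.1.1.1 4500 10.2.2.1 4500 detailed
!    ESP (IP protocol 50) should be allowed by the second ACE:
packet-tracer input inside rawip 10.1.1.1 50 10.2.2.1 detailed

! 4. Changing an ACL does not remove connections that are already in the
!    connection table; list and clear any existing IKE conns, then try
!    to bring the tunnel up again and re-check steps 1 and 2.
show conn protocol udp port 500
show conn protocol udp port 4500
clear conn protocol udp port 500
clear conn protocol udp port 4500
```

Each packet-tracer run ends with a per-phase result, and the ACCESS-LIST phase names the ACE that matched; compare that with the hit counters from step 1 before concluding anything about the ACL itself.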
