Does it mean that if I had access-list acl-vpn permit ip 192.168.1.0 /24 172.16.1.0 /24 my outside access-list would be backward like access-list outside permit ip 172.16.1.0 /24 192.168.1.0 /24?
And there would be no need for any access-list on the outside permitting ESP/AH or udp/500 in any way?

On Wed, Sep 29, 2010 at 1:47 PM, 'Segun Daini <[email protected]> wrote:

> You will need to permit your crypto acl on the interface the vpn
> terminates.
>
> Sent from Yahoo! Mail on Android
>
> ------------------------------
> *From:* Bruno <[email protected]>;
> *To:* CCIE Security Maillist <[email protected]>;
> *Subject:* [OSL | CCIE_Security] no sysopt connection permit-vpn
> *Sent:* Wed, Sep 29, 2010 4:43:09 PM
>
> What is supposed to be opened when we do not deploy "sysopt connection
> permit-vpn"?
> It has to be something on the outside access-list but what traffic exactly?
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
