Guys,
I am trying my best to figure this out.
I have the following:
PC ----> ZFW router ----> EZVPN server
I have the following configuration on the ZFW router:
class-map type inspect match-any i2o
 match access-group 104
!
policy-map type inspect i2o
 class type inspect i2o
  inspect
 class class-default
  drop
!
access-list 104 permit esp any any
access-list 104 permit udp any any eq isakmp
I am able to connect to the EZVPN router using my IPSec client through ZFW. The
PC receives the EZVPN pool address and gateway.
After the IPSec client has established the connection, I see the ACL counters
increment, even when I try to ping.
Extended IP access list 104
10 permit esp any any (8 matches) <<<< PING packets
20 permit udp any any eq isakmp (4 matches) <<<< IPSec connection
For some reason I do not get the reply back.
I did not include "ip any any" on the ACL since my traffic is passing through
the tunnel and in my opinion I do not need this.
Best Regards.
______________________
Adil