Posted by ponga on July 1, 2009, 2:25 pm

Got it!! That's the part I was missing. I was not sure what the
meaning of that "match address" line was doing. Now I understand.
Also, without the "sysopt permit ipsec" line, I *GUESS* that I am now
able to apply rules to the ACL that is applied to the outside
interface and therefore filter with that ACL. I'm guessing that's how
that works. I've added rules to that ACL, but I am not seeing any
counts for the rules I have added, though traffic is still flowing.
Perhaps clear the crypto SAs... don't know. But I think I have a
handle on it now.
Thanks to EVERYONE that replied!!
--ponga
> > crypto map Reservations 11 ipsec-isakmp
> >  description Tunnel toNoWhere
> >  set peer 1.2.3.4
> >  set transform-set ESP-3DES-SHA1
> >  match address 106
> > !
> > I'm not sure what role this "match address" business plays, is that
> > like "access-group"'ing an ACL to an interface?
> access-list 106 describes the traffic to be encrypted through the crypto
> map.
> If you want to restrict traffic after or before encryption via crypto map
> refer to
> <http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_crp...>
> Perhaps better to use a logical tunnel interface with ipsec profiles and
> tunnel protection. The config is more straightforward and also supports
> routing protocols.
> --
> ULi
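The two ACL roles discussed in this thread side by side, as an added PIX-style configuration example that is not from the original posts: the crypto ACL referenced by `match address` only selects what is encrypted, while the interface ACL bound with `access-group` only filters decrypted tunnel traffic once the `sysopt` bypass is turned off. The subnets 10.1.1.0/24 (local) and 10.2.2.0/24 (remote), the host 10.1.1.10 and the ACL name `outside_in` are assumptions; the crypto map and peer are the ones quoted above.

```cisco
! Crypto ACL: selects the traffic to be encrypted into the tunnel.
! It does NOT restrict what the remote side may reach after decryption.
! (10.1.1.0/24 local, 10.2.2.0/24 remote: constructed sample subnets)
access-list 106 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

crypto map Reservations 11 ipsec-isakmp
 description Tunnel toNoWhere
 set peer 1.2.3.4
 set transform-set ESP-3DES-SHA1
 match address 106
crypto map Reservations interface outside

! By default decrypted IPsec traffic bypasses the interface ACL and the
! rules never show hit counts. Disable the bypass so the outside ACL
! applies to tunnel traffic as well. (On ASA 7.x and later the command
! is "no sysopt connection permit-vpn".)
no sysopt connection permit-ipsec

! Interface ACL: now also decides which remote hosts/ports may enter.
! Least privilege: only HTTPS to one server and ICMP echo to the LAN.
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq 443
access-list outside_in permit icmp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 echo
access-list outside_in deny ip any any log
access-group outside_in in interface outside
```

After the change, `show access-list outside_in` should show hit counts climbing for the permit lines as tunnel traffic arrives, and the logged denies make it easy to spot remote-site traffic that should not be crossing the tunnel.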