AS-5500: Do access lists work the same in firewall vs. VPN?

- R
- Ramon F Herrera
  
  Contact options for registered users
posted
17 years ago

Thu, Feb 22, 2007 11:31 PM

Until now, I have installed firewalls and VPN boxes in parallel, as two separate devices. Now, however, I am working with an AS-5500 and I am a little confused about the interaction between the two functionalities.

To get started I created these rules:

access-list ACL_IN extended permit ip any any access-list ACL_IN extended permit icmp any any access-group ACL_IN in interface outside access-group ACL_IN in interface dmz

That should allow all traffic from the Internet into the DMZ, right? I am guessing those rules apply to the firewall mode, but what about VPN mode? Will my pings and IP traffic go through when I have an IPsec session?

TIA,

-Ramon F Herrera

Loading thread data ...

- B
- Brian V
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Fri, Feb 23, 2007 3:49 AM

And you've also turn off all firewalling ability. You've open the network wide open from the outside to the inside and DMZ, you have also just opened from the DMZ to the inside. That access list should never be used anywhere!

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.