AS-5500: Do access lists work the same in firewall vs. VPN?

Until now, I have installed firewalls and VPN boxes in parallel, as two separate devices. Now, however, I am working with an AS-5500 and I am a little confused about the interaction between the two functionalities.

To get started I created these rules:

access-list ACL_IN extended permit ip any any
access-list ACL_IN extended permit icmp any any
access-group ACL_IN in interface outside
access-group ACL_IN in interface dmz

That should allow all traffic from the Internet into the DMZ, right? I am guessing those rules apply to the firewall mode, but what about VPN mode? Will my pings and IP traffic go through when I have an IPsec session?


-Ramon F Herrera


And you've also turned off all firewalling ability. You've opened the network wide open from the outside to the inside and DMZ; you have also just opened from the DMZ to the inside. That access list should never be used anywhere!

Brian V
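
As an added example (not part of either post above, and not Cisco tooling): a small Python check that flags the pattern discussed in this thread, a `permit <protocol> any any` entry in an ACL that an `access-group` command binds to an interface. The function name `audit` and the finding fields are this example's own; it only recognises the literal `any any` form and does not model rule order.

```python
import re

# Constructed sample: the four commands from the question above.
SAMPLE_CONFIG = """\
access-list ACL_IN extended permit ip any any
access-list ACL_IN extended permit icmp any any
access-group ACL_IN in interface outside
access-group ACL_IN in interface dmz
"""

# An extended entry whose source and destination are both the keyword "any".
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+any\s+any\s*$")
# The command that applies an ACL to an interface in a given direction.
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)\s*$")


def audit(config):
    """Return one finding per (permit-any-any entry, interface binding) pair."""
    open_aces = {}  # ACL name -> [(line number, protocol)]
    bindings = {}   # ACL name -> [(direction, interface)]
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            if m.group(2) == "permit":
                open_aces.setdefault(m.group(1), []).append((lineno, m.group(3)))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    for acl, aces in open_aces.items():
        # An ACL that is never bound with access-group filters nothing.
        for direction, iface in bindings.get(acl, []):
            for lineno, proto in aces:
                findings.append({
                    "acl": acl, "line": lineno, "protocol": proto,
                    "direction": direction, "interface": iface,
                    # "ip" matches every IP protocol, not only one of them.
                    "all_protocols": proto == "ip",
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("line {line}: {acl} permits {protocol} any any, "
              "applied {direction} on {interface}".format(**f))
```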