Before I add in config

- P
- psychogenic
  
  Contact options for registered users
posted
18 years ago

Wed, Apr 5, 2006 2:01 PM

I have a router currently setup to allow my LAN to reach the internet and I'm also setting up easy vpn to allow remote sites to connect to resources within my lan. If I add in the configs to set isakmp policy and ipsec on my public interface (just two on here, inside and outside), would that interfere with my current internet connection or would it be simply ignored until a vpn connection is being made? My first time doing this and guess i'm being a little paranoid... :)

Thanks in advance for any help.

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Apr 5, 2006 6:17 PM

isakmp is ignored until needed. Large parts of IPSec configuration are ignored until needed.

However, if you define an IPSec configuration and activate it on an interface, without having defined an access-list of traffic to match (or the access-list is missing) then the router (or PIX) will treat that as indicating that *all* traffic should go over the IPSec connection... breaking everything. So be careful about creating your crypto access-lists!

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.