[nsp] Access-list question

Richmond, Jeff (ELI) jeff_richmond at eli.net
Mon Oct 27 14:58:53 EST 2003


No, it should look something like this:

access-list 131 permit gre any any (if you are using GRE with IPSEC)
access-list 131 permit udp any any eq isakmp
access-list 131 permit esp any any

isakmp is udp port 500 and esp is protocol 50

-Jeff

-----Original Message-----
From: Kevin [mailto:kevin at honeycomb.net]
Sent: Monday, October 27, 2003 11:51 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Access-list question


Does anyone know how to allow ipsec through an access list?
I know ipsec uses port 500 UDP and port 50 IP?

Would it be?:
access-list 131 permit udp any any eq 500
access-list 131 permit tcp any any eq 50
access-list 131 permit udp any any eq 50

Kevin,




_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
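
Added example, not part of the original thread: a small Python check that runs first-match evaluation over the two ACLs quoted above and shows why `eq 50` on tcp/udp does not pass ESP. The function names are hypothetical; it assumes simple entries with no source-port operator, and addresses are not evaluated (both ACLs use `any any`).

```python
# IOS protocol keywords -> IP protocol number ("ip" matches every protocol).
PROTO_NUM = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}
PORT_NUM = {"isakmp": 500}  # IOS port keyword used in the reply

# The two ACLs from the thread (parenthetical note dropped from the gre line).
QUESTION_ACL = [
    "access-list 131 permit udp any any eq 500",
    "access-list 131 permit tcp any any eq 50",
    "access-list 131 permit udp any any eq 50",
]
REPLY_ACL = [
    "access-list 131 permit gre any any",
    "access-list 131 permit udp any any eq isakmp",
    "access-list 131 permit esp any any",
]

def _skip_addr(tok, i):
    """Step past one address spec: 'any' (1 token), 'host A' or 'A WILDCARD' (2)."""
    return i + 1 if tok[i] == "any" else i + 2

def parse_ace(line):
    """Return (action, ip_protocol_number_or_None, dest_port_or_None)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an extended ACL entry: " + line)
    action, proto = tok[2], tok[3]
    pnum = PROTO_NUM[proto] if proto in PROTO_NUM else int(proto)
    i = _skip_addr(tok, _skip_addr(tok, 4))  # skip source, then destination
    port = None
    if i + 1 < len(tok) and tok[i] == "eq":
        port = PORT_NUM[tok[i + 1]] if tok[i + 1] in PORT_NUM else int(tok[i + 1])
    return action, pnum, port

def first_match(acl, pnum, dport=None):
    """Evaluate one probe packet top-down, as the router does."""
    for line in acl:
        action, ace_proto, ace_port = parse_ace(line)
        if ace_proto is not None and ace_proto != pnum:
            continue  # different IP protocol
        if ace_port is not None and ace_port != dport:
            continue  # L4 port does not match (ESP has no ports at all)
        return action
    return "deny"  # implicit deny at the end of every ACL

def audit_ipsec(acl):
    """Probe with ISAKMP (UDP/500) and ESP (IP protocol 50); flag port-50 entries."""
    mixups = [l for l in acl if parse_ace(l)[1] in (6, 17) and parse_ace(l)[2] == 50]
    return {"isakmp": first_match(acl, 17, 500) == "permit",
            "esp": first_match(acl, 50) == "permit",
            "port_protocol_mixups": mixups}
```
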

