[c-nsp] VPN blocked from access list
Voll, Scott
Scott.Voll at wesd.org
Mon Aug 23 22:29:02 EDT 2004
If this is your whole ACL then you're missing a permit VPN connection. I think if I remember right IP port 50? All ACLs end with a deny all.
Scott
-----Original Message-----
From: Paul Stewart [mailto:pauls at nexicom.net]
Sent: Mon 8/23/2004 5:35 PM
To: cisco-nsp at puck.nether.net
Cc:
Subject: [c-nsp] VPN blocked from access list
Below is part of an access list we have implemented at a cable modem
POP. Works great along with blocking Windows ports and crap. :)
The problem is that since I implemented this access list, our cable
techs cannot access our VPN.
Is what I did below just wrong OR is it just missing some permit
statements for other icmp types that I missed?
Thanks,
Paul
access-list 100 remark Specifically block ICMP fragments
access-list 100 deny icmp any any fragments
access-list 100 remark Permit inbound ping.
access-list 100 permit icmp any any echo
access-list 100 remark Permit inbound ping response.
access-list 100 permit icmp any any echo-reply
access-list 100 remark Permit Path MTU to function.
access-list 100 permit icmp any any packet-too-big
access-list 100 remark Permit time exceeded messages for traceroute and loops.
access-list 100 permit icmp any any time-exceeded
access-list 100 remark And explicitly block all other ICMP packets
access-list 100 deny icmp any any
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
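An added example, not part of either message: a simplified first-match evaluation of the ACL entries quoted above, showing that non-ICMP traffic matches none of them and falls to the implicit deny that ends every ACL. It assumes these entries are the whole list and that the VPN is IPsec (ESP, IP protocol 50, and IKE on UDP 500); the sample packets and function names are constructed for illustration.

```python
# Added example (not from the thread): first-match evaluation of the posted
# entries. Simplified: IP protocol, ICMP type/code, "fragments" keyword only.
ACL_100 = """\
access-list 100 deny icmp any any fragments
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any time-exceeded
access-list 100 deny icmp any any
"""
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50}
ICMP_MSG = {"echo": (8, None), "echo-reply": (0, None),  # name -> (type, code)
            "packet-too-big": (3, 4), "time-exceeded": (11, None)}

def parse(text):
    """Return [(action, protocol number, qualifier or None, line)]."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[2] in ("permit", "deny"):
            entries.append((tok[2], PROTO[tok[3]], (tok[6:] or [None])[0], line))
    return entries

def matches(qual, pkt):
    if qual is None:
        return True
    if qual == "fragments":            # keyword matches non-initial fragments
        return bool(pkt.get("frag"))
    itype, icode = ICMP_MSG[qual]      # code None means any code
    return pkt.get("type") == itype and icode in (None, pkt.get("code"))

def evaluate(entries, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, proto, qual, line in entries:
        if pkt["proto"] == proto and matches(qual, pkt):
            return action, line
    return "deny", "implicit deny"

# Constructed packets; ESP and IKE are the assumed (IPsec) VPN traffic.
SAMPLES = {"ping": {"proto": 1, "type": 8, "code": 0}, "esp": {"proto": 50},
           "redirect": {"proto": 1, "type": 5, "code": 1},
           "ike": {"proto": 17, "dport": 500}}

def run():
    entries = parse(ACL_100)
    return {name: evaluate(entries, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, line) in run().items():
        print(f"{name:9} {action:6} {line}")
```

If later entries in the real list permit the protocols the VPN actually uses, the result changes; entry order matters because the first match wins.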