[c-nsp] Getting a VPN to work through a Cisco firewall
Brett Looney
brett at looney.id.au
Wed Jan 11 20:53:24 EST 2006
At 09:47 12/01/2006, you wrote:
> >
> http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d33da.html
>
>Maybe I'm just being dense (or I'm experiencing a different issue
>entirely)... but I'm not seeing where this touches on the VPN issue. I
>understand that the access-lists are not, strictly speak, "written"
>anymore, but shouldn't the VPN still have ip inspect poke the holes in the
>ACL, whether or not those holes are readily viewable?
Sorry - I kinda hijacked your thread there.
To answer your question - yes, you should definitely have holes poked
in the ACL by ip inspect but they won't show up doing a "show
access-list" - you have to do "show ip inspect session detail" to see
what ip inspect really did.
B.
More information about the cisco-nsp
mailing list