[c-nsp] vpn configure
Ryan West
rwest at zyedge.com
Wed Aug 12 08:50:14 EDT 2009
Deric,
It was listed in my original reply:
Access-list vpn_myacl permit ip <local address> <mask> <remote address> <mask>
Assuming you're doing NAT, then you would apply that same ACL to your noNAT ACL. The "vpn_myacl" interesting traffic ACL is then called from the 'crypto map <your crypto map> <SEQ#> match address vpn_myacl' command.
-ryan
From: Deric Kwok [mailto:deric.kwok2000 at gmail.com]
Sent: Wednesday, August 12, 2009 6:59 AM
To: Ryan West; engel.labiro at gmail.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] vpn configure
Thank you
Do you know what is cli to configure remote subnet and local subnet for vpn?
On Tue, Aug 11, 2009 at 9:28 PM, Ryan West <rwest at zyedge.com<mailto:rwest at zyedge.com>> wrote:
You can configure the PIX for local and remote subnets using your interesting traffic ACL.
Access-list vpn_myacl permit ip <local address> <mask> <remote address> <mask>
The PIX can be configured from the outside using PDM:
http <outside address> <mask> outside
hth
-ryan
More information about the cisco-nsp
mailing list