[c-nsp] IOS/ASA VPN interop question
Ryan West
rwest at zyedge.com
Wed Oct 27 12:08:34 EDT 2010
Tom,
>From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tom Devries
>Sent: Wednesday, October 27, 2010 11:41 AM
>
>Hi,
>
>This is more of an interop question. When trying to establish a vpn between a J series SRX device and a C series IOS/ASA device, does anyone know if the C device will accept a proxy id of 0.0.0.0/0.0.0.0/0 in the SA creation?
I've done this with an SSG in the past. It was pretty ugly, but I blocked all address ranges from being considered interesting traffic with denies in the beginning and then included my interesting with an any any at the end.

object-group network cust_exclude
 network-object 0.0.0.0 128.0.0.0
 .....
 network-object 192.0.0.0 192.0.0.0
access-list cust_vpn deny ip any object-group cust_exclude
access-list cust_vpn permit ip any any

-ryan
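
An added example, not part of the original post: one way to generate the deny object-group for the approach described above, then check first-match behaviour of the two-line ACL. It assumes the exclude list is the complement of a single remote network, which the elided list in the post does not confirm; the subnet 172.16.10.0/24 and the function names are constructed for illustration.

```python
import ipaddress


def complement(remote_net):
    """Prefixes covering all of IPv4 except remote_net, in address order."""
    target = ipaddress.ip_network(remote_net)
    everything = ipaddress.ip_network("0.0.0.0/0")
    # address_exclude() yields the minimal prefix set for everything minus target.
    return sorted(everything.address_exclude(target))


def render_object_group(remote_net, name="cust_exclude"):
    """Render the exclude list as ASA object-group lines (address + netmask)."""
    lines = [f"object-group network {name}"]
    for net in complement(remote_net):
        lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


def is_interesting(dst, excluded):
    """First-match evaluation of the two ACL lines for one destination."""
    addr = ipaddress.ip_address(dst)
    # access-list cust_vpn deny ip any object-group cust_exclude
    if any(addr in net for net in excluded):
        return False
    # access-list cust_vpn permit ip any any
    return True


if __name__ == "__main__":
    remote = "172.16.10.0/24"  # constructed sample remote network
    print("\n".join(render_object_group(remote)))
    print("access-list cust_vpn deny ip any object-group cust_exclude")
    print("access-list cust_vpn permit ip any any")
    excluded = complement(remote)
    for dst in ("172.16.10.25", "172.16.11.1", "8.8.8.8"):
        print(dst, "encrypted" if is_interesting(dst, excluded) else "not matched")
```

Because the final permit is any any, a gap in the deny list silently makes that range interesting traffic, so the generated list is worth diffing against the running config after each change.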