Activating ESP through the ACL

WanderingSailor · Oct 14, 2003

I would like my router to pass IPSec packets through UDP port 500 using protocol 50 (ESP). Do I write this in my ACL 100/101 (in/out ACLS) to allow traffic to pass in both directions?

If so, would it be:

Access-list 100 permit 50 host a.b.c.d host e.f.g.h eq 500
Access-list 101 permit 50 host e.f.g.h host a.b.c.d eq 500

Thanks for the help!

routerman · Oct 15, 2003

Try this:

Access-list 100 permit udp host a.b.c.d host e.f.g.h eq 500
Access-list 100 permit esp host a.b.c.d host e.f.g.h

Access-list 101 permit udp host e.f.g.h host a.b.c.d eq 500
Access-list 101 permit esp host e.f.g.h host a.b.c.d

int s0
ip access-group 100 in
ip access-group 101 out

Remember in the extended ACL the first IP is the source, the second is the destination. So when you apply these ACL's to the router interface make sure you get the in and out the right way round.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Activating ESP through the ACL

WanderingSailor

IS-IT--Management

routerman

Technical User

Similar threads

Part and Inventory Search

Sponsor