Hi all,
Planning to take my CCNA Sec soon and have a question relating to creating a crypto ACL.
I have the rest of the config down, but say if I have the following config ...
Subnet A ----- RouterA ----- VPN TUNNEL ----- RouterB ----- Subnet B
192.168.0.0    172.12.12.1                    172.12.12.2   10.0.0.0
What would the crypto ACL be if I wanted to, say, encrypt all SMTP traffic? Do I carry out the permit statement from the 192 subnet or from the 172.12.12.1? Does tunnel or transport mode have an impact on the ACL that I write?
So if using tunnel mode, would the ACL be:
config t
ip access-list extended 123
 permit tcp host 172.12.12.1 host 172.12.12.2 eq smtp
or would it be...
config t
ip access-list extended 123
 permit tcp 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255 eq smtp
Thanks
Just getting a little confused and want to get it straight in my head.