07-24-2008, 09:51 PM   #1
balrog259
Allowing isakmp and esp traffic any any acceptable risk?

Hello,

I have a Cisco 871 using NAT waiting for another router with a Dynamic IP to establish an ipsec VPN tunnel. I was successful in getting another router to establish an ipsec VPN tunnel using a pre-shared key, however the one thing that I don't like is that I had to make a concession and add the following lines to my outside interface:

ip access-list extended ALLOWED-FROM-INTERNET
permit udp any any eq isakmp
permit esp any any

How much of a risk does allowing this traffic from any to any into the router pose, considering that the only tunnel that should be able to establish needs the pre-shared key?

Is there a better way of doing this that I missed?

Thank you in advance.

Balrog259
All times are GMT -5.

