VPN configuration

Discussion in 'Cisco' started by Benson, Nov 1, 2004.

  1. Benson

    Benson Guest

    Hi,

    I have set up a site-to-site VPN (the branch and HQ), and configured
    the PIX as follows:

    .....

    access-list TrafficToTunnel permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12
    ....

    access-list inside_outbound_nat0_acl permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12

    .....

    nat (inside) 0 access-list inside_outbound_nat0_acl


    202.99.12.12 is the public IP (in HQ), while 172.27.0.0 is the local
    LAN network.

    Does anybody know what media the traffic is going through?

    Through the public internet, or through the site-to-site VPN (encryption)?

    How can I know the traffic into the VPN (what tool can I use to
    monitor the VPN traffic)?

    Thank you for your help
    Benson, Nov 1, 2004
    #1

  2. Benson

    PES Guest

    Benson wrote:
    > Hi,
    >
    > I have set up a site-to-site VPN (the branch and HQ), and configured
    > the PIX as follows:
    >
    > ....
    >
    > access-list TrafficToTunnel permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12
    > ...
    >
    > access-list inside_outbound_nat0_acl permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12
    >
    > ....
    >
    > nat (inside) 0 access-list inside_outbound_nat0_acl
    >


    This would be a very rare configuration. Typically, the nat0 acl and
    the crypto acl will specify the internal address of each side. One
    could specify a public address if you actually had a public address
    behind the remote end or were still relying on a static at hq.

    >
    > 202.99.12.12 is the public IP (in HQ), while 172.27.0.0 is the local
    > LAN network.
    >
    > Does anybody know what media the traffic is going through?
    >
    > Through the public internet, or through the site-to-site VPN (encryption)?
    >
    > How can I know the traffic into the VPN (what tool can I use to
    > monitor the VPN traffic)?
    >


    I think it would be "show crypto ipsec sa"
    PES, Nov 1, 2004
    #2
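
Added example, not part of the original thread and not either poster's code: a small Python check that parses the `access-list ... permit ip` and `nat (...) 0 access-list` lines quoted above and flags tunnel or nat0 entries whose destination is not a private address, which is the unusual point raised in reply #2. Assumptions: `TrafficToTunnel` is the ACL referenced by the crypto map (that line is elided in the post), only `permit ip` entries are handled, and the comparison of the two ACLs is an extra check added here.

```python
import ipaddress
import re

# Constructed sample: the lines quoted in the thread, with wrapped lines joined.
SAMPLE_CONFIG = """\
access-list TrafficToTunnel permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12
access-list inside_outbound_nat0_acl permit ip 172.27.0.0 255.255.0.0 host 202.99.12.12
nat (inside) 0 access-list inside_outbound_nat0_acl
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(.+)$")
NAT0_RE = re.compile(r"^nat\s+\(\S+\)\s+0\s+access-list\s+(\S+)$")


def _take_addr(tokens):
    """Consume one PIX address spec: 'any', 'host A.B.C.D' or 'net mask'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse(config):
    """Return ({acl_name: [(src, dst), ...]}, [nat0 ACL names])."""
    acls, nat0 = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            src, rest = _take_addr(m.group(2).split())
            dst, _ = _take_addr(rest)
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := NAT0_RE.match(line):
            nat0.append(m.group(1))
    return acls, nat0


def audit(config, crypto_acl):
    """crypto_acl is the caller's assumption about which ACL feeds the tunnel."""
    acls, nat0 = parse(config)
    findings = []
    for name in [crypto_acl, *nat0]:
        for _src, dst in acls.get(name, []):
            if not dst.is_private:
                findings.append(f"{name}: destination {dst} is not a private range")
    for name in nat0:
        if set(acls.get(name, [])) != set(acls.get(crypto_acl, [])):
            findings.append(f"{name}: entries differ from {crypto_acl}")
    return findings
```

On the configuration as posted, `audit(SAMPLE_CONFIG, "TrafficToTunnel")` reports the public destination in both ACLs; whether traffic is actually being encrypted is still confirmed on the device with the `show crypto ipsec sa` command suggested in the reply.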