Thanks Aaron and Tyson

Patrice Ngassam
CEO NEN NET Inc.

Date: Fri, 30 Jul 2010 13:35:42 -0400
Subject: Re: [OSL | CCIE_RS] ASA 101
From: [email protected]
To: [email protected]
CC: [email protected]

Hi Patrice,

Normally you will terminate the VPN tunnel on the outside interface. In most setups you will configure NAT exemption between the inside interfaces and the remote site so the ASA does not translate the addresses.

Also worth mentioning is the default action of the ASA is to bypass the ACL on the interface where the tunnel terminates. Ex. If you apply the crypto map to the outside interface and you have an inbound access list on the outside interface, the VPN traffic will not be checked against the ACL. It will just be permitted. This option can be disabled, making the traffic bound to the access list, by using "no sysopt connection permit-vpn".

Aaron

On Fri, Jul 30, 2010 at 1:33 AM, Patrice Ngassam <[email protected]> wrote:

Hi dear folks,

Not really a CCIE R&S question, this is related to firewall.

Question: when a remote-vpn tunnel is built on an ASA firewall is that an Internal or External interface?

Patrice Ngassam
CEO NEN NET Inc.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
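An added example, not part of the original thread: a small Python check that reads an ASA running configuration and reports, for each interface with a crypto map applied, whether decrypted VPN traffic bypasses the inbound ACL as described in Aaron's reply. The two sample configurations and the names `OUTSIDE_MAP` and `OUTSIDE_IN` are constructed; the check assumes the default `sysopt connection permit-vpn` is not printed in the running configuration, so only the `no` form is searched for.

```python
import re

# Constructed sample configurations (names and addresses are illustrative).
DEFAULT_CFG = """
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside
crypto map OUTSIDE_MAP interface outside
"""
HARDENED_CFG = DEFAULT_CFG + "no sysopt connection permit-vpn\n"


def vpn_acl_audit(running_config):
    """Return one finding per interface that has a crypto map applied."""
    lines = [ln.strip() for ln in running_config.splitlines() if ln.strip()]

    # Assumption: the default setting is absent from the running config,
    # so the bypass is active unless the negated command is present.
    bypass = "no sysopt connection permit-vpn" not in lines

    # Map interface name -> inbound ACL name.
    inbound = {}
    for ln in lines:
        m = re.fullmatch(r"access-group (\S+) in interface (\S+)", ln)
        if m:
            inbound[m.group(2)] = m.group(1)

    findings = []
    for ln in lines:
        m = re.fullmatch(r"crypto map (\S+) interface (\S+)", ln)
        if m:
            findings.append({
                "interface": m.group(2),
                "crypto_map": m.group(1),
                "inbound_acl": inbound.get(m.group(2)),
                "vpn_bypasses_acl": bypass,
            })
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CFG), ("hardened", HARDENED_CFG)):
        for f in vpn_acl_audit(cfg):
            state = "bypasses" if f["vpn_bypasses_acl"] else "is checked against"
            print(f"{name}: VPN traffic on {f['interface']} {state} "
                  f"ACL {f['inbound_acl']}")
```
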
