Create the Crypto ACLs

The crypto ACL defines interesting traffic for the router. Interesting traffic is the traffic protected by the VPN connection. Crypto ACLs determine which outbound traffic is encrypted and which goes out as clear text. Inbound traffic is also compared to the crypto ACL. If traffic comes in as clear text and should be encrypted, the router drops the traffic. When creating the crypto ACL, the terms permit and deny refer to encrypt and do not encrypt, respectively. The syntax of the command is as follows:

access-list ACL-number {permit | deny} protocol source-ip source-wildcard destination-ip destination-wildcard

Example 19-7 shows the command for configuring the crypto ACL for the connection from New York to San Francisco to encrypt all TCP traffic between those networks.
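The following is an added illustration, not Example 19-7 and not code from the original text: a simplified Python model of how a router applies a crypto ACL written in the syntax above. The ACL number 120, the 10.1.1.0/24 (New York) and 10.2.2.0/24 (San Francisco) networks, and all function names are assumptions made up for the example; the reversed source/destination comparison for inbound packets is a modeling simplification.

```python
import ipaddress
from typing import NamedTuple

class Ace(NamedTuple):
    action: str    # "permit" = encrypt, "deny" = do not encrypt
    protocol: str  # "ip" matches every protocol
    src: str
    src_wild: str
    dst: str
    dst_wild: str

def parse_ace(line: str) -> Ace:
    # access-list ACL-number {permit | deny} protocol src src-wildcard dst dst-wildcard
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    return Ace(*tok[2:])

def wild_match(addr: str, base: str, wildcard: str) -> bool:
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def first_match(acl, proto: str, src: str, dst: str) -> str:
    for ace in acl:
        if (ace.protocol in ("ip", proto)
                and wild_match(src, ace.src, ace.src_wild)
                and wild_match(dst, ace.dst, ace.dst_wild)):
            return ace.action
    return "deny"  # no entry matched: not interesting traffic

def outbound(acl, proto: str, src: str, dst: str) -> str:
    # permit -> protected by the VPN; anything else leaves as clear text
    return "encrypt" if first_match(acl, proto, src, dst) == "permit" else "clear-text"

def inbound_clear_text(acl, proto: str, src: str, dst: str) -> str:
    # An unencrypted inbound packet is compared with source and destination
    # swapped; if it should have been encrypted, the router drops it.
    return "drop" if first_match(acl, proto, dst, src) == "permit" else "forward"

# Constructed sample ACL for the New York router (addresses are assumptions).
NEW_YORK_ACL = [
    parse_ace("access-list 120 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255"),
]

if __name__ == "__main__":
    print(outbound(NEW_YORK_ACL, "tcp", "10.1.1.5", "10.2.2.9"))
    print(outbound(NEW_YORK_ACL, "udp", "10.1.1.5", "10.2.2.9"))
    print(inbound_clear_text(NEW_YORK_ACL, "tcp", "10.2.2.9", "10.1.1.5"))
```

The model makes visible that a packet not matched by a permit entry is not blocked by the crypto ACL; it simply leaves unencrypted, so an entry that is too narrow exposes traffic rather than dropping it.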
