Hi,
We've dedicated 7220 controllers for RAPs & VIA VPN services.
We brought up 2 interfaces. One is used on an internal VLAN for management. The other is used on a publicly accessible VLAN interface for communication to VIA Clients & RAPs.
What kind of ACL can I apply on the public interface to restrict traffic to only those needed ports & protocols (udp 500, udp 4500, protocol 50) for RAPs & VIA VPN clients to work?
Is creating an access-list like so the way to go?
conf term
ip access-list session RAP-firewall
  ! Session ACLs are evaluated top-down, first match wins, so permits go before the catch-all deny
  any any svc-ike permit
  any any svc-natt permit
  ! protocol 50 (ESP) for the IPsec tunnel itself
  any any svc-esp permit
  any any any deny
!
& then apply this to my port.
conf term
interface gigabitethernet 0/0/1
  ! session ACLs are bound to a port with the "session" keyword
  ip access-group RAP-firewall session
!
Would this suffice or is there a better way?
TIA,
--Raf
#7220
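The following is an added illustration, not part of Raf's post and not Aruba code: a small Python model of first-match session-ACL evaluation. It shows why the order of the rules decides the outcome: a catch-all deny placed first matches every flow before the IKE/NAT-T permits are ever reached, while the same rules with the deny last admit only UDP 500, UDP 4500 and ESP (protocol 50). The service aliases, the flows and the rule tuples are constructed for the example; only the first-match semantics and the implicit trailing deny mirror how ArubaOS session ACLs behave.

```python
"""First-match session-ACL evaluator (added example, not ArubaOS code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed service table modelled on the ArubaOS aliases used in the post.
# (ip protocol, destination port); None means "any".  17 = UDP, 50 = ESP.
SERVICES: Dict[str, Tuple[Optional[int], Optional[int]]] = {
    "svc-ike": (17, 500),
    "svc-natt": (17, 4500),
    "svc-esp": (50, None),
    "any": (None, None),
}

# A rule is (src, dst, service, action), matching the CLI word order.
Rule = Tuple[str, str, str, str]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """True if every field of the rule covers the flow ('any' matches all)."""
    src, dst, svc, _action = rule
    proto, port = SERVICES[svc]
    return (
        src in ("any", flow.src)
        and dst in ("any", flow.dst)
        and (proto is None or proto == flow.proto)
        and (port is None or port == flow.dport)
    )


def evaluate(acl: List[Rule], flow: Flow) -> str:
    """Top-down, first match wins; an unmatched flow hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, flow):
            return rule[3]
    return "deny"


# The ACL as first proposed: deny listed before the permits.
PROPOSED: List[Rule] = [
    ("any", "any", "any", "deny"),
    ("any", "any", "svc-ike", "permit"),
    ("any", "any", "svc-natt", "permit"),
]

# Permits first, ESP added, catch-all deny last.
CORRECTED: List[Rule] = [
    ("any", "any", "svc-ike", "permit"),
    ("any", "any", "svc-natt", "permit"),
    ("any", "any", "svc-esp", "permit"),
    ("any", "any", "any", "deny"),
]

# Constructed sample flows from a RAP / VIA client towards the public interface.
FLOWS: Dict[str, Flow] = {
    "ike": Flow("198.51.100.10", "203.0.113.5", 17, 500),
    "natt": Flow("198.51.100.10", "203.0.113.5", 17, 4500),
    "esp": Flow("198.51.100.10", "203.0.113.5", 50),
    "ssh": Flow("198.51.100.10", "203.0.113.5", 6, 22),
    "dns": Flow("198.51.100.10", "203.0.113.5", 17, 53),
}


def summarize(acl: List[Rule]) -> Dict[str, str]:
    """Verdict per sample flow, so the two orderings can be compared."""
    return {name: evaluate(acl, flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    print("proposed :", summarize(PROPOSED))
    print("corrected:", summarize(CORRECTED))
```

Running it shows the proposed ordering denying every flow, including IKE and NAT-T, whereas the corrected ordering permits exactly the three VPN services and denies SSH and DNS. The same first-match reasoning applies to any session ACL you build on the controller: put the specific permits above the broad deny.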