ACL: dmvpn crypto
Need some clarification on the necessary ACL entries to cover only DMVPN crypto.
I thought I had this solid, but apparently not. I can do more labbing on this to figure it out, but I am trying to wrap up the finish for the lab.
Any help is appreciated. Thanks!
Below, I thought that it was sufficient to allow only ports 500 (isakmp) and 4500 (non500-isakmp).
But... I could not get it to work. Then I added the ESP entry, and the tunnel came up.
ip access-group TEST_IN in
ip access-list TEST_IN
10 permit udp any any eq isakmp (68 matches)
11 permit udp any any eq non500-isakmp
15 permit esp any any (11 matches)
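
An added example, not part of the original post: a small Python model of first-match ACL evaluation with the implicit deny, fed the entries above. It assumes the standard IPsec behaviour that ESP travels as IP protocol 50 when no NAT sits between the peers and is wrapped in UDP 4500 only after NAT-T is negotiated; the flow lists and function names are constructed for illustration.

```python
import re

# IOS port keywords used in the post's ACL
PORTS = {"isakmp": 500, "non500-isakmp": 4500}

def parse_acl(text):
    """Parse 'SEQ permit|deny PROTO any any [eq PORT]' lines; hit counters are ignored."""
    rules = []
    for line in text.strip().splitlines():
        m = re.match(r"\s*(\d+)\s+(permit|deny)\s+(\w+)\s+any\s+any(?:\s+eq\s+(\S+))?", line)
        if not m:
            continue
        seq, action, proto, port = m.groups()
        if port is not None:
            port = PORTS.get(port) or int(port)
        rules.append((int(seq), action, proto, port))
    return sorted(rules)

def evaluate(rules, proto, dport=None):
    """First match wins; anything unmatched hits the implicit deny."""
    for _seq, action, r_proto, r_port in rules:
        if r_proto in ("ip", proto) and (r_port is None or r_port == dport):
            return action
    return "deny"

# Constructed, simplified flows seen inbound on the filtered interface
FLOWS = {
    "no NAT in path": [("udp", 500), ("esp", None)],        # IKE, then native ESP
    "NAT in path (NAT-T)": [("udp", 500), ("udp", 4500)],   # IKE, then ESP-in-UDP
}

def tunnel_passes(rules, path):
    """True only if every flow the tunnel needs on this path is permitted."""
    return all(evaluate(rules, p, d) == "permit" for p, d in FLOWS[path])

UDP_ONLY = parse_acl("""
10 permit udp any any eq isakmp
11 permit udp any any eq non500-isakmp
""")
WITH_ESP = parse_acl("""
10 permit udp any any eq isakmp (68 matches)
11 permit udp any any eq non500-isakmp
15 permit esp any any (11 matches)
""")

if __name__ == "__main__":
    for name, rules in (("UDP only", UDP_ONLY), ("with ESP", WITH_ESP)):
        for path in FLOWS:
            state = "up" if tunnel_passes(rules, path) else "blocked"
            print(f"{name:9} | {path:20} | {state}")
```

In this model the UDP-only list passes only the NAT-T path, which lines up with the counters in the post: hits on isakmp and esp, none on non500-isakmp.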