Cisco Systems VPN 3000 Switch User Manual

13 Policy Management
13-10
VPN 3000 Concentrator Series User Guide
For all the default rules except VRRP In and Out, these parameters are identical:
Action = Forward
Source Address = Use IP Address/Wildcard-Mask = 0.0.0.0/255.255.255.255 = any address
Destination Address = Use IP Address/Wildcard-Mask = 0.0.0.0/255.255.255.255 = any address
For maximum security and control, we recommend that you change the Source Address and Destination Address to fit your network addressing and security scheme.
Table 13-1: Cisco-supplied default filter rules
| Filter Rule Name   | Direction | Protocol | TCP Connection | TCP/UDP Source Port | TCP/UDP Destination Port | ICMP Packet Type |
|--------------------|-----------|----------|----------------|---------------------|--------------------------|------------------|
| Any In             | Inbound   | Any      | Don't Care     | Range 0-65535       | Range 0-65535            | 0-255            |
| Any Out            | Outbound  | Any      | Don't Care     | Range 0-65535       | Range 0-65535            | 0-255            |
| CRL over LDAP In   | Inbound   | TCP      | Don't Care     | LDAP (389)          | Range 0-65535            |                  |
| CRL over LDAP Out  | Outbound  | TCP      | Don't Care     | Range 0-65535       | LDAP (389)               |                  |
| GRE In             | Inbound   | GRE      |                |                     |                          |                  |
| GRE Out            | Outbound  | GRE      |                |                     |                          |                  |
| ICMP In            | Inbound   | ICMP     |                |                     |                          | 0-18             |
| ICMP Out           | Outbound  | ICMP     |                |                     |                          | 0-18             |
| IKE In             | Inbound   | UDP      |                | Range 0-65535       | IKE (500)                |                  |
| IKE Out            | Outbound  | UDP      |                | IKE (500)           | Range 0-65535            |                  |
| Incoming HTTP In   | Inbound   | TCP      | Don't Care     | Range 0-65535       | HTTP (80)                |                  |
| Incoming HTTP Out  | Outbound  | TCP      | Don't Care     | HTTP (80)           | Range 0-65535            |                  |
| Incoming HTTPS In  | Inbound   | TCP      | Don't Care     | Range 0-65535       | HTTPS (443)              |                  |
| Incoming HTTPS Out | Outbound  | TCP      | Don't Care     | HTTPS (443)         | Range 0-65535            |                  |
| IPSec-ESP In       | Inbound   | ESP      |                |                     |                          |                  |
| L2TP In            | Inbound   | UDP      |                | Range 0-65535       | L2TP (1701)              |                  |
| L2TP Out           | Outbound  | UDP      |                | L2TP (1701)         | Range 0-65535            |                  |
| LDAP In            | Inbound   | TCP      | Don't Care     | Range 0-65535       | LDAP (389)               |                  |
| LDAP Out           | Outbound  | TCP      | Don't Care     | LDAP (389)          | Range 0-65535            |                  |
| OSPF In            | Inbound   | OSPF     |                |                     |                          |                  |
| OSPF Out           | Outbound  | OSPF     |                |                     |                          |                  |
| Outgoing HTTP In   | Inbound   | TCP      | Don't Care     | HTTP (80)           | Range 0-65535            |                  |
| Outgoing HTTP Out  | Outbound  | TCP      | Don't Care     | Range 0-65535       | HTTP (80)                |                  |
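The following Python model, added here as an illustration and not Cisco's own code, shows how the parameters described above are evaluated against a packet: the IP Address/Wildcard-Mask test (a 1 bit in the mask means "don't care", which is why 0.0.0.0/255.255.255.255 matches any address), the direction and protocol checks, the TCP/UDP port ranges and the ICMP packet-type range from Table 13-1. A handful of the inbound rows are transcribed with their default any/any addresses, and the Incoming HTTPS In rule is then tightened as the text recommends. All IP addresses and packets are constructed sample values; the "Established" value for TCP Connection is assumed as the alternative to Don't Care and is not shown on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Tuple[int, int]
ANY_PORT: PortRange = (0, 65535)            # "Range 0-65535" in Table 13-1
ANY_ADDR = ("0.0.0.0", "255.255.255.255")   # IP Address/Wildcard-Mask = any address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard-mask test: a 1 bit in the mask means 'don't care' for that bit,
    so 0.0.0.0/255.255.255.255 matches every address and 10.1.0.0/0.0.255.255
    matches the whole 10.1.x.x range."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass
class FilterRule:
    name: str
    direction: str                      # "Inbound" or "Outbound"
    protocol: str                       # "Any", "TCP", "UDP", "ICMP", "GRE", "ESP", "OSPF"
    tcp_connection: str = "Don't Care"  # "Established" is an assumed alternative value
    src_addr: Tuple[str, str] = ANY_ADDR
    dst_addr: Tuple[str, str] = ANY_ADDR
    src_port: PortRange = ANY_PORT      # TCP/UDP only
    dst_port: PortRange = ANY_PORT      # TCP/UDP only
    icmp_type: PortRange = (0, 255)     # ICMP only
    action: str = "Forward"


@dataclass
class Packet:
    direction: str
    protocol: str
    src: str
    dst: str
    src_port: int = 0
    dst_port: int = 0
    icmp_type: int = 0
    established: bool = False  # TCP ACK or RST flag set (constructed attribute)


def rule_matches(rule: FilterRule, pkt: Packet) -> bool:
    """True when every parameter of the rule accepts the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.protocol != "Any" and rule.protocol != pkt.protocol:
        return False
    if not wildcard_match(pkt.src, *rule.src_addr):
        return False
    if not wildcard_match(pkt.dst, *rule.dst_addr):
        return False
    if pkt.protocol in ("TCP", "UDP"):
        if not (rule.src_port[0] <= pkt.src_port <= rule.src_port[1]):
            return False
        if not (rule.dst_port[0] <= pkt.dst_port <= rule.dst_port[1]):
            return False
    if pkt.protocol == "TCP" and rule.tcp_connection == "Established" and not pkt.established:
        return False
    if pkt.protocol == "ICMP":
        if not (rule.icmp_type[0] <= pkt.icmp_type <= rule.icmp_type[1]):
            return False
    return True


def first_match(rules: List[FilterRule], pkt: Packet) -> Optional[str]:
    """Name of the first rule (in list order) that matches the packet, or None."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.name
    return None


# A few inbound rows of Table 13-1 with the default any/any addresses.
DEFAULT_INBOUND = [
    FilterRule("ICMP In", "Inbound", "ICMP", icmp_type=(0, 18)),
    FilterRule("IKE In", "Inbound", "UDP", dst_port=(500, 500)),
    FilterRule("Incoming HTTPS In", "Inbound", "TCP", dst_port=(443, 443)),
    FilterRule("L2TP In", "Inbound", "UDP", dst_port=(1701, 1701)),
    FilterRule("IPSec-ESP In", "Inbound", "ESP"),
]

# The HTTPS rule tightened as the text recommends (constructed addresses): only the
# concentrator's own public address 192.0.2.10 as destination, and only the partner
# network 198.51.100.0/24 (wildcard mask 0.0.0.255) as source.
TIGHTENED_INBOUND = [
    FilterRule("Incoming HTTPS In", "Inbound", "TCP",
               src_addr=("198.51.100.0", "0.0.0.255"),
               dst_addr=("192.0.2.10", "0.0.0.0"),
               dst_port=(443, 443)),
]

if __name__ == "__main__":
    https = Packet("Inbound", "TCP", "203.0.113.5", "192.0.2.10", 51000, 443)
    print(first_match(DEFAULT_INBOUND, https))    # Incoming HTTPS In
    print(first_match(TIGHTENED_INBOUND, https))  # None: source outside the permitted range
```

The same constructed HTTPS packet is forwarded by the default rule but dropped from the tightened rule set, while a packet from 198.51.100.7 still matches; the ICMP In row similarly forwards type 8 but not a type above 18.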