IP access lists are used to identify which packets should be encrypted as they exit the interface. Packets can be selected for the encryption process by type of service, network, and IP address. In this way, our access lists will be acting as Security Associations. Because we have implemented encryption on this interface, the access list syntax remains the same, but the meaning of the words permit and deny changes. In this case, permit means to encrypt, and deny means to pass in the clear.
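The following Python model is an added example, not code from the original page. It evaluates an access list with the permit/deny meanings described above. The list number, addresses, and the simplified eight-token line format are constructed for illustration. It assumes standard first-match evaluation with wildcard masks and the implicit deny that ends every access list.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str    # "permit" or "deny"
    proto: str     # "ip" matches any protocol
    src: int
    src_wild: int
    dst: int
    dst_wild: int

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'access-list N permit|deny PROTO SRC WILD DST WILD' (constructed subset)."""
    t = line.split()
    if len(t) != 8 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    return Rule(t[2], t[3], _ip(t[4]), _ip(t[5]), _ip(t[6]), _ip(t[7]))

def _match(addr, base, wild):
    # Wildcard mask: 1-bits are "don't care", 0-bits must match exactly.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def classify(rules, proto, src, dst):
    """First match wins. On an encryption ACL: permit -> encrypt, deny -> clear."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if (r.proto in ("ip", proto) and _match(s, r.src, r.src_wild)
                and _match(d, r.dst, r.dst_wild)):
            return "encrypt" if r.action == "permit" else "clear"
    return "clear"  # implicit deny: unmatched traffic leaves unencrypted

# Constructed sample ACL: one host's TCP traffic is exempted before the subnet rule.
SAMPLE_ACL = [parse_rule(l) for l in (
    "access-list 101 deny tcp 10.1.1.0 0.0.0.255 10.2.2.10 0.0.0.0",
    "access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255",
)]

if __name__ == "__main__":
    for pkt in [("tcp", "10.1.1.5", "10.2.2.10"), ("udp", "10.1.1.5", "10.2.2.10"),
                ("tcp", "10.1.1.5", "10.2.2.20"), ("tcp", "10.1.3.5", "10.2.2.20")]:
        print(pkt, "->", classify(SAMPLE_ACL, *pkt))
```

The last sample packet matches no entry, so it falls through to the implicit deny and leaves in the clear. When auditing such a list, check that every flow meant to be protected is covered by a permit entry.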