ACL list denied 50 <ip address>

lrgiese
Level 1

I am getting this in the syslog from a 2516:

Feb 15 21:01:30 router 1026319: Feb 16 03:01:28: %SEC-6-IPACCESSLOGNP: list 102 denied 50 209.x.x.x -> 209.x.x.x, 15 packets

If I understand this I am dropping IP type 50 packets. If so, what is the syntax to allow these through? I am trying to establish an IPSEC tunnel between two devices and I have my appliance behind my Cisco 2516 and its ACL list.

If it matters, this router is running IOS 12.0(58a).

Thanks,

Lyle Giese

Accepted Solutions

konigl
Level 7

The syntax is essentially the same as permitting or denying tcp, udp, icmp, etc. Just the protocol number is a little higher. Enter

access-list 102 permit 50 209.x.x.x 0.255.255.255 209.x.x.x 0.255.255.255

and when you put in "50", the router will probably translate that to "esp" for Encapsulation Security Protocol when you save it to startup-config.

Of course, specify the actual source and destination IPs and wildcard masks that you need. (I just used what I could see in your post as an example.)

2 Replies 2

That's exactly what I was looking for.

I had a real hard time searching for this answer on my own here and never got the right search criteria to point me in the right direction on this one.

Thanks,

Lyle
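
An added example, not part of the original thread: a small Python triage script that reads %SEC-6-IPACCESSLOGNP lines in the format quoted in the question, totals denied IPsec traffic per flow, and prints a host-to-host permit entry in the style of the accepted answer for review. It goes beyond the thread by also matching protocol 51 (AH); the function names and sample addresses are assumptions made for the example.

```python
import re
from collections import Counter

# IP protocol numbers used by IPsec: 50 = ESP (from the thread), 51 = AH (added here).
IPSEC_PROTOCOLS = {50, 51}

# Body of the log line quoted in the question, numbered ACLs only:
#   list 102 denied 50 <src> -> <dst>, 15 packets
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\d+) (?P<action>permitted|denied) "
    r"(?P<proto>\d+) (?P<src>\S+) -> (?P<dst>[^,\s]+), (?P<count>\d+) packets?"
)

def denied_ipsec_flows(lines):
    """Return {(acl, proto, src, dst): total_packets} for denied ESP/AH traffic."""
    flows = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["action"] != "denied":
            continue
        proto = int(m["proto"])
        if proto in IPSEC_PROTOCOLS:
            flows[(m["acl"], proto, m["src"], m["dst"])] += int(m["count"])
    return dict(flows)

def candidate_permits(flows):
    """One host-to-host permit line per denied flow, for an operator to review.
    An entry only takes effect if it sits above the deny entry that logged the hit."""
    return [
        f"access-list {acl} permit {proto} host {src} host {dst}"
        for (acl, proto, src, dst) in sorted(flows)
    ]

# Constructed sample lines in the question's format, using documentation addresses.
SAMPLE = [
    "Feb 15 21:01:30 router 1026319: Feb 16 03:01:28: %SEC-6-IPACCESSLOGNP: "
    "list 102 denied 50 192.0.2.10 -> 198.51.100.20, 15 packets",
    "Feb 15 21:06:31 router 1026320: Feb 16 03:06:29: %SEC-6-IPACCESSLOGNP: "
    "list 102 denied 50 192.0.2.10 -> 198.51.100.20, 4 packets",
    # GRE (47) is not IPsec, so this line is ignored.
    "Feb 15 21:07:02 router 1026321: Feb 16 03:07:00: %SEC-6-IPACCESSLOGNP: "
    "list 102 denied 47 192.0.2.77 -> 198.51.100.20, 1 packet",
]

if __name__ == "__main__":
    flows = denied_ipsec_flows(SAMPLE)
    for key, packets in flows.items():
        print(key, packets)
    print("\n".join(candidate_permits(flows)))
```

Host-to-host entries are narrower than the 0.255.255.255 wildcard masks used as a placeholder in the answer, so only the two tunnel endpoints are opened.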