Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
1
Replies

Applying a new Access-list dirupt VPN connectivity

Go to solution
Shahzad Ayub
Level 1
Level 1

‎05-08-2016 05:50 AM - edited ‎03-05-2019 03:58 AM

Hi,

We have a IPSEC VPN connection running with a remote branch, following ACL is applied and working fine.

VPN ACCESS-LIST


10 permit ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255

NAT ACCESS-LIST

10 deny ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 any

Now i want to allow another subnet on same vpn and I added 2 commands one for permit in VPN access-list and other for deny in NAT access-list but after that  I'm unable to connect to old subnet  10.88.1.0/24.New configuration looks a follows

VPN ACCESS-LIST


10 permit ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 host 10.218.5.3


NAT ACCESS-LIST

10 deny ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255

15 deny ip 10.10.10.0 0.0.0.255 host 10.218.5.3
20 permit ip 10.10.10.0 0.0.0.255 any

I am not sure what is wrong here?

Thanks

Shahzad

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David_Che
Level 1
Level 1

‎05-08-2016 08:30 AM

When traffic selector ( interesting traffic ) was modified on HQ, traffic selector on branch should also been modified accordingly.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
David_Che
Level 1
Level 1

‎05-08-2016 08:30 AM

When traffic selector ( interesting traffic ) was modified on HQ, traffic selector on branch should also been modified accordingly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card