Applying a new Access-list disrupts VPN connectivity

Shahzad Ayub
Level 1

Hi,

We have an IPsec VPN connection running with a remote branch; the following ACL is applied and working fine.

VPN ACCESS-LIST


10 permit ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255

NAT ACCESS-LIST

10 deny ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 any

Now I want to allow another subnet on the same VPN, and I added 2 commands, one for permit in the VPN access-list and the other for deny in the NAT access-list, but after that I'm unable to connect to the old subnet 10.88.1.0/24. The new configuration looks as follows:

VPN ACCESS-LIST


10 permit ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 host 10.218.5.3


NAT ACCESS-LIST

10 deny ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255

15 deny ip 10.10.10.0 0.0.0.255 host 10.218.5.3
20 permit ip 10.10.10.0 0.0.0.255 any

I am not sure what is wrong here?

Thanks

Shahzad

1 Accepted Solution


David_Che
Level 1

When the traffic selector (interesting traffic) was modified on HQ, the traffic selector on the branch should also have been modified accordingly.
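
The mismatch the accepted answer describes can be checked offline before a change is pushed. The following Python sketch is an added example, not part of the original thread: it parses crypto ACL entries in the format shown in the question and lists HQ selectors that have no mirrored entry on the branch. The branch ACL and all function names are assumptions constructed for illustration.

```python
import ipaddress

# HQ crypto ACL as posted in the question.
HQ_ACL = """\
10 permit ip 10.10.10.0 0.0.0.255 10.88.1.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 host 10.218.5.3
"""
# Constructed sample: a branch crypto ACL that still mirrors only the
# original entry (the thread does not show the branch configuration).
BRANCH_ACL = """\
10 permit ip 10.88.1.0 0.0.0.255 10.10.10.0 0.0.0.255
"""

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Invert the wildcard mask to get a netmask (raises if non-contiguous).
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def parse_acl(text):
    """Return the set of (src, dst) networks from 'permit ip' entries."""
    selectors = set()
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0].isdigit():
            tok = tok[1:]                 # drop the sequence number
        if tok[:2] != ["permit", "ip"]:
            continue                      # only permit entries define selectors
        src, rest = take_addr(tok[2:])
        dst, _ = take_addr(rest)
        selectors.add((src, dst))
    return selectors

def missing_mirrors(local_acl, peer_acl):
    """Local selectors whose swapped (dst, src) pair is absent on the peer."""
    peer = parse_acl(peer_acl)
    gaps = sorted((s, d) for s, d in parse_acl(local_acl) if (d, s) not in peer)
    return [(str(s), str(d)) for s, d in gaps]

if __name__ == "__main__":
    for src, dst in missing_mirrors(HQ_ACL, BRANCH_ACL):
        print(f"branch has no mirror for: {src} -> {dst}")
```

Run in both directions (HQ against branch, then branch against HQ) so that an extra entry on either peer is reported.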
