Hi Experts,
I want to check if, let's say for this encryption as below, will it work if the match address is a different access-list?
Is it okay if match address 108 is permit any any? Thanks.
For example, below 10.18.50.1 at Segment A is communicating with 10.18.40.1 at Segment B on this encryption traffic.
Router A#
crypto map NVR 15 ipsec-isakmp
set peer 10.18.20.5
set transform-set NVRS
match address 107
access-list 107 permit ip host 10.18.50.1 host 10.18.40.1
Router B#
crypto map NVR 15 ipsec-isakmp
set peer 10.18.20.6
set transform-set NVRS
match address 108
access-list 108 permit ip any any
Hi Cindy,
According to my observations the access-lists defining the interesting traffic should be symmetrical on the VPN endpoints. Else the IPSec negotiation will fail and the VPN tunnel will not be formed.
So access-list 108 should be the following:
access-list 108 permit ip host 10.18.40.1 host 10.18.50.1
Cheers:
Istvan
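The symmetry described in the answer above can be checked offline before the configuration is applied. The following is an added example, not part of the original posts and not Cisco tooling: the function names are hypothetical, and it only understands `permit ip` entries written with `any`, `host A.B.C.D`, or an address with a contiguous wildcard mask.

```python
import ipaddress
import re

# Constructed input: the crypto ACLs quoted in this thread.
ROUTER_A = "access-list 107 permit ip host 10.18.50.1 host 10.18.40.1"
ROUTER_B = "access-list 108 permit ip any any"
ROUTER_B_FIXED = "access-list 108 permit ip host 10.18.40.1 host 10.18.50.1"

def _take_addr(tokens):
    """Consume one address spec (any | host A | A wildcard) -> IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    host_bits = wildcard.bit_length()
    if wildcard != (1 << host_bits) - 1:
        raise ValueError("non-contiguous wildcard mask not handled")
    return ipaddress.ip_network(f"{first}/{32 - host_bits}", strict=False)

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks from permit ip lines."""
    entries = set()
    for line in text.splitlines():
        m = re.match(r"\s*access-list\s+\d+\s+permit\s+ip\s+(.+)", line)
        if m:
            tokens = m.group(1).split()
            src = _take_addr(tokens)
            dst = _take_addr(tokens)
            entries.add((src, dst))
    return entries

def mirror_mismatches(local_acl, remote_acl):
    """Entries present on one side without a swapped counterpart on the other."""
    local, remote = parse_crypto_acl(local_acl), parse_crypto_acl(remote_acl)
    mirrored_remote = {(dst, src) for src, dst in remote}
    return sorted(local ^ mirrored_remote, key=str)

if __name__ == "__main__":
    print(mirror_mismatches(ROUTER_A, ROUTER_B))        # two unmatched entries
    print(mirror_mismatches(ROUTER_A, ROUTER_B_FIXED))  # []
```

An empty list means every entry on one router has its source and destination swapped on the other; anything else is the set of entries to reconcile.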
Thanks Istvan.
I got it now.. :)
That is very helpful..
rgds,
cindy.