07-26-2003 06:06 AM - edited 02-21-2020 12:41 PM
Hi
i m trying to establish a IPSEC tunnel between a router and checkpoint F/W.I hve already 12 locations running with the same setup establishing tunnel with the F/W.all the locations r having same H/W(1751) same IOS.
At present i m facing some probs in a particular location.Some of my colleagues has created 4 extended access list(101) with 2 unecessary things on tht.now i m trying to remove those 2 lines but i couldnt able to do.
i m first removing the crypto map from the bri interface,then removing the acces-list from the crypto map name 10 ipsec-isakmp,then removing those 2 lines which r not reqd.
but its getting disconneted while doing this.so i had to reset the router to bring up...
is ther any solution to remove those 2 lines without getting disconnnected ????
regds
prem
07-26-2003 11:45 AM
Hi Prem,
Could you post the output of sh crypto map? You should be able to modify the access-list if you've taken off the crypto map from the interface.
Thanks
Ranjana
07-27-2003 04:30 AM
Hi
At present hes not connected ,i will post the same once hes connected ....
Regds
prem
07-27-2003 10:08 PM
hi
this is the cyrpto map output..
router1r#sh crypto map
Crypto Map "vpn" 10 ipsec-isakmp
Peer = r.r.r.r
Extended IP access list 101
access-list 101 permit ip x.x.x.0 0.0.0.255d.d.d.0 0.0.0.255
access-list 101 permit ip n.n.n.0 0.0.0.255 d.d.d.0 0.0.0.255
access-list 101 permit ip n.n.n.0 0.0.0.255d.d.d.0 0.0.0.255
access-list 101 permit ip x.x.x.0 0.0.0.255 d.d.d.0 0.0.0.255
Current peer: r.r.r.r
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
omkvpn,
}
Interfaces using crypto map omkvpn:
BRI0:1
BRI0:2
Serial0
BRI0
BRI0:1
BRI0:2
router1r#
i want to remove these unwanted acls
access-list 101 permit ip n.n.n.0 0.0.0.255 d.d.d.0 0.0.0.255
access-list 101 permit ip n.n.n.0 0.0.0.255d.d.d.0 0.0.0.255
which i m not able to remvoe at present...
regds
prem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide