
Adjusting crypto-interesting ACL on live L2L IPSEC tunnel

Ruterford
Level 1

Hi All,

I need to put an additional host on the existing crypto-interesting ACL on a live tunnel with real-time traffic.

I have the remote-side network engineer to apply the same on their end.

My question is: will it interrupt the existing tunnel/traffic if we put additional hosts on the ACL simultaneously on both sides?

Thanks!

Accepted Solutions

Marcin Latosiewicz
Cisco Employee

Each permit entry in TS in ACL will generate its own IPsec SA.

There should be no impact on existing services - just pay extra attention not to introduce any overlap into ACLs.

A separate matter is that very often to update crypto map DB we sometimes need to remove and re-add crypto map configuration - which will cause traffic disruption.

Marcin
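
An added example, not part of the original post and not Cisco tooling: a pre-change check for the overlap the answer warns about, plus a check that the peer's new entry mirrors the local one. It assumes ASA-style `access-list NAME extended permit ip SRC DST` lines (object-groups are not handled); the ACL names and addresses are constructed sample values.

```python
import ipaddress

def _take(tokens):
    """Consume one address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address netmask" form; raises ValueError if host bits are set in the address
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_entry(line):
    """Return the (source, destination) networks of one 'permit ip' ACL line."""
    tokens = line.split()
    idx = tokens.index("ip")
    if tokens[idx - 1] != "permit":
        raise ValueError("only 'permit ip' entries are handled: " + line)
    src, rest = _take(tokens[idx + 1:])
    dst, _ = _take(rest)
    return src, dst

def find_overlaps(existing, proposed):
    """List existing entries whose traffic selector overlaps the proposed one."""
    p_src, p_dst = parse_entry(proposed)
    hits = []
    for line in existing:
        src, dst = parse_entry(line)
        # Selectors overlap only when both source and destination ranges intersect.
        if src.overlaps(p_src) and dst.overlaps(p_dst):
            hits.append(line)
    return hits

def is_mirror(local, remote):
    """True when the remote entry is the local entry with src and dst swapped."""
    return parse_entry(local) == tuple(reversed(parse_entry(remote)))

# Constructed sample data: current crypto ACL and candidate additions.
EXISTING = [
    "access-list L2L-ACL extended permit ip 10.10.1.0 255.255.255.0 192.168.50.0 255.255.255.0",
    "access-list L2L-ACL extended permit ip host 10.10.2.20 host 192.168.60.5",
]
NEW_OVERLAP = "access-list L2L-ACL extended permit ip host 10.10.1.15 host 192.168.50.9"
NEW_CLEAN = "access-list L2L-ACL extended permit ip host 10.10.2.21 host 192.168.60.5"
REMOTE_NEW = "access-list PEER-ACL extended permit ip host 192.168.60.5 host 10.10.2.21"

if __name__ == "__main__":
    for candidate in (NEW_OVERLAP, NEW_CLEAN):
        print(candidate, "->", find_overlaps(EXISTING, candidate) or "no overlap")
    print("mirrored on peer:", is_mirror(NEW_CLEAN, REMOTE_NEW))
```
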
