11-28-2003 08:06 AM - edited 02-21-2020 12:53 PM
Hi,
I configured an IPSEC VPN between 2 sites with ISAKMP turned off. Currently it works, but the problem is that only access-list sequence number one is bound to the IPSEC; the subsequent numbers of access-list 121 do not appear on IPSEC when I perform show crypto ipsec sa. Why? Normally, if using dynamic ISAKMP, we can see all the sources and destinations defined on the access-list.
When I perform the ping test, I can only ping from the 192.168.7.0 network to 172.17.1.0 hosts, not others.
If I remove the first sequence, then I can ping from 192.168.8.0 to 172.17.1.0 hosts.
Eg.
access-list 121 permit ip 192.168.7.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 193.168.1.0 0.0.0.255 172.17.1.0 0.0.0.255
11-28-2003 03:31 PM
This is a restriction of using ipsec-manual. You can only specify one line in the ACL; the subsequent lines are ignored.
11-29-2003 03:50 AM
Thanks for the answer.
Another question: if I have the same router/interface/crypto map, is it possible to build IPSEC to one site with manual ISAKMP and to another site with auto ISAKMP?
If possible, how, and can you provide the config?
Many Thanks.
12-01-2003 12:42 AM
Yes, you can. You can have one long crypto map with different sequence numbers, and you can use whichever method you want for each part of this crypto map. For example:
crypto map test 10 ipsec-manual
 set peer ...
 match address ...
 ...
crypto map test 20 ipsec-isakmp
 set peer ...
 match address ...
 ...
For manual IPsec, a sample configuration:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093c26.shtml
Hope this helps.
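One way to audit a configuration for the restriction discussed in this thread, as an added example (not code from the posters or from Cisco): the Python script below reports every ipsec-manual crypto map entry whose matched ACL has more than one line, while leaving ipsec-isakmp entries on the same map alone. The sample configuration is constructed; ACL 122, the peer addresses and the function name find_ignored_aces are assumptions, and only numbered access-list lines are parsed.

```python
import re
from collections import defaultdict

# Constructed sample: ACL 121 is the three-line ACL quoted in the thread;
# ACL 122, the peers (documentation addresses) and the map layout are assumed.
SAMPLE_CONFIG = """\
access-list 121 permit ip 192.168.7.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 193.168.1.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 122 permit ip 192.168.7.0 0.0.0.255 10.9.9.0 0.0.0.255
access-list 122 permit ip 192.168.8.0 0.0.0.255 10.9.9.0 0.0.0.255
crypto map test 10 ipsec-manual
 set peer 192.0.2.1
 match address 121
crypto map test 20 ipsec-isakmp
 set peer 192.0.2.2
 match address 122
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
MAP_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+(ipsec-manual|ipsec-isakmp)\b")
MATCH_RE = re.compile(r"^\s+match address\s+(\S+)")

def find_ignored_aces(config):
    """Return one finding per ipsec-manual entry whose ACL has extra lines."""
    acls = defaultdict(list)   # ACL number -> entries in configuration order
    entries, current = [], None
    for line in config.splitlines():
        if m := MAP_RE.match(line):
            current = {"map": m[1], "seq": int(m[2]), "mode": m[3], "acl": None}
            entries.append(current)
        elif line[:1].isspace():
            # Indented sub-command: only meaningful inside a crypto map entry.
            if current and (m := MATCH_RE.match(line)):
                current["acl"] = m[1]
        else:
            current = None     # any other top-level line closes the entry
            if m := ACL_RE.match(line):
                acls[m[1]].append(m[3].strip())
    findings = []
    for e in entries:
        aces = acls.get(e["acl"], [])
        # Per the thread: ipsec-manual honours only the first ACL line.
        if e["mode"] == "ipsec-manual" and len(aces) > 1:
            findings.append({**e, "used": aces[0], "ignored": aces[1:]})
    return findings

if __name__ == "__main__":
    for f in find_ignored_aces(SAMPLE_CONFIG):
        print(f"crypto map {f['map']} {f['seq']}: ACL {f['acl']} ignores {f['ignored']}")
```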