All,
I have a site-to-site VPN in place between 2 Cisco firewalls. The tunnel works OK when the crypto map service is set as IP, but as soon as we lock this down to SNMP Poll and Trap only, the tunnel itself drops and will not connect.
We haven't ticked the box to bypass ACL, so we have an ACL in place for the same services.
When I filter on the interesting traffic, I get the below:
5 | Oct 01 2015 | 12:36:21 | 750001 | | | | | Local:10.x.x.x:500 Remote:10.x.x.x:500 Username:Unknown Received request to establish an IPsec tunnel; local traffic selector = Address Range: 10.x.x.x-10.x.x.x.4 Protocol: 0 Port Range: 0-65535 ; remote traffic selector = Address Range: 192.168.14.1-192.168.14.1 Protocol: 0 Port Range: 0-65535 |
Also, with the peer IP filtered:
3 | Oct 01 2015 | 12:41:15 | 713902 | | | | | Group = 10.x.x.x., IP = 10.x.x.x, Removing peer from correlator table failed, no match! |
Does anyone have any ideas on this?
D
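An added example, not part of the original post: a small parser that pulls the local and remote traffic selectors out of a 750001 message so they can be compared with what a narrowed crypto ACL permits. The sample line is constructed from the one above with made-up addresses, and the comparison assumes the SNMP-only ACL is UDP (IP protocol 17); the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample modelled on the 750001 message in the post; addresses are made up.
SAMPLE = (
    "Local:10.0.0.1:500 Remote:10.0.0.2:500 Username:Unknown "
    "Received request to establish an IPsec tunnel; "
    "local traffic selector = Address Range: 10.0.0.1-10.0.0.4 "
    "Protocol: 0 Port Range: 0-65535 ; "
    "remote traffic selector = Address Range: 192.168.14.1-192.168.14.1 "
    "Protocol: 0 Port Range: 0-65535"
)

class Selector(NamedTuple):
    first: str
    last: str
    protocol: int   # IP protocol number; 0 means "any"
    port_lo: int
    port_hi: int

SELECTOR_RE = re.compile(
    r"(local|remote) traffic selector = Address Range: ([^\s-]+)-([^\s-]+)\s+"
    r"Protocol: (\d+)\s+Port Range: (\d+)-(\d+)"
)

def parse_selectors(message):
    """Return {'local': Selector, 'remote': Selector} from a 750001 message."""
    return {
        side: Selector(first, last, int(proto), int(lo), int(hi))
        for side, first, last, proto, lo, hi in SELECTOR_RE.findall(message)
    }

def compare_to_acl(selectors, acl_protocol=17):
    """List the sides whose proposed selector is not limited to acl_protocol.

    Assumption: the SNMP-only crypto ACL is UDP (IP protocol 17).
    """
    findings = []
    for side, sel in selectors.items():
        if sel.protocol != acl_protocol:
            scope = "all ports" if (sel.port_lo, sel.port_hi) == (0, 65535) else \
                f"ports {sel.port_lo}-{sel.port_hi}"
            findings.append(f"{side}: protocol {sel.protocol}, {scope}")
    return findings

if __name__ == "__main__":
    for finding in compare_to_acl(parse_selectors(SAMPLE)):
        print(finding)
```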