VPN ACL

examples20001
Level 1

Dear All,

I added the below ACL to my VPN config. The VPN is up and running well, and initially access to servers and applications from B.O to H.O is smooth, but after some time, like 30 mins or so, the connections get very slow and sometimes the connections get dropped.

What can be the problem?

My VPN router is C1841-ADVSECURITYK9-M, Version 12.4(18)

Will the below ACL make a loop in VPN connections?

What is the command to see the number of connections or sessions?

ip access-list extended vpnaccess
 permit ip 172.30.96.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.A.97.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.A.98.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.A.20.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.A.21.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.A.96.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.A.97.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.A.98.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.A.20.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.A.21.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.A.96.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit ip 172.A.97.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit ip 172.A.98.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit ip 172.A.20.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 permit ip 172.A.21.0 0.0.0.255 192.168.0.0 0.0.255.255 log
!

1 Reply

tstanik
Level 5

The problem may be that the SA has either expired or been cleared. The remote tunnel end device does not know that it uses the expired SA to send a packet (not an SA establishment packet). When a new SA has been established, the communication resumes, so initiate the interesting traffic across the tunnel to create a new SA and re-establish the tunnel. The following link may help you:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
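
An added example, not part of the original thread or either poster's configuration: a Python check that converts each address/wildcard pair of an extended ACL to CIDR and reports permit entries whose destination range also contains the entry's own source subnet, meaning traffic between the listed source subnets would match that line too. The sample ACL is constructed; it substitutes 30 for the `A` the poster masked, an assumption taken from the first line of the posted ACL.

```python
import ipaddress
import re

# Constructed sample modeled on the posted ACL. Assumption: the masked
# octet "A" is replaced with 30, the value visible in the first posted line.
SAMPLE_ACL = """\
ip access-list extended vpnaccess
 permit ip 172.30.96.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 permit ip 172.30.96.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.30.20.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 permit ip 172.30.96.0 0.0.0.255 192.168.0.0 0.0.255.255 log
"""

ACE_RE = re.compile(
    r"^\s*(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+log)?\s*$"
)


def wildcard_to_network(addr, wildcard):
    """Convert an address and a contiguous IOS wildcard mask to an IPv4Network."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    # Raises ValueError for a non-contiguous mask or an address with host bits set.
    return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(inverted)}")


def parse_acl(text):
    """Return (line, action, source, destination) per 'addr wildcard' style ip ACE."""
    entries = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            action, src, src_wc, dst, dst_wc = m.groups()
            entries.append((line.strip(), action,
                            wildcard_to_network(src, src_wc),
                            wildcard_to_network(dst, dst_wc)))
    return entries


def self_covering_entries(text):
    """Return permit ACEs whose destination range contains their own source subnet."""
    return [(line, src, dst) for line, action, src, dst in parse_acl(text)
            if action == "permit" and src.subnet_of(dst)]


if __name__ == "__main__":
    for line, src, dst in self_covering_entries(SAMPLE_ACL):
        print(f"{src} is inside destination {dst}: {line}")
```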