crypto map mat-vpn 2 ipsec-isakmp
 set peer x.x.x.x
 set transform-set mat-mm-set
 match address ACL-MM
!
!
!
!
!
!
!
interface GigabitEthernet0/1/0
 ip address XXXXXXXXX
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1/1
 XXXXXXXXXXXX
 media-type rj45
 negotiation auto
 crypto map mat-vpn
!
interface Serial0/2/0
 no ip address
 shutdown
!
interface Serial0/2/1
 no ip address
 shutdown
!
interface Serial0/2/2
 no ip address
 shutdown
!
interface Serial0/2/3
 no ip address
 shutdown
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 XXXXXXXXX
ip route 0.0.0.0 0.0.0.0 18.104.22.168 254
ip route 192.168.0.0 255.255.0.0 192.168.40.1
!
ip access-list extended ACL-MHQ
 permit ip 192.168.60.0 0.0.0.255 10.176.32.0 0.0.15.255
 permit ip 192.168.60.0 0.0.0.255 10.176.58.0 0.0.1.255
 permit ip 192.168.60.0 0.0.0.255 10.176.0.0 0.0.255.255
ip access-list extended ACL-MM
 permit ip 192.168.60.0 0.0.0.255 10.176.90.0 0.0.0.255
!
!
!
!
control-plane
!
!
It looks like traffic is being matched on both tunnels, so there will be unexpected results. Traffic going to 10.176.90.0/24 in the ACL-MM access-list will also match on 10.176.0.0/16 in the ACL-MHQ access-list. Are you able to be more specific with the ACL-MHQ access-list?
ip access-list extended ACL-MHQ
 permit ip 192.168.60.0 0.0.0.255 10.176.32.0 0.0.15.255
 permit ip 192.168.60.0 0.0.0.255 10.176.58.0 0.0.1.255
 permit ip 192.168.60.0 0.0.0.255 10.176.0.0 0.0.255.255
ip access-list extended ACL-MM
 permit ip 192.168.60.0 0.0.0.255 10.176.90.0 0.0.0.255
-- Please remember to select a correct answer and rate helpful posts
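
A way to check the overlap described in the reply above, as an added example that is not part of the original posts: it parses the two crypto ACLs from the posted configuration and reports every pair of entries, in different ACLs, whose source and destination ranges both overlap. The function names are hypothetical, and contiguous wildcard masks are assumed.

```python
import ipaddress
import re
from itertools import product

# ACL entries copied from the configuration posted in this thread.
CONFIG = """\
ip access-list extended ACL-MHQ
 permit ip 192.168.60.0 0.0.0.255 10.176.32.0 0.0.15.255
 permit ip 192.168.60.0 0.0.0.255 10.176.58.0 0.0.1.255
 permit ip 192.168.60.0 0.0.0.255 10.176.0.0 0.0.255.255
ip access-list extended ACL-MM
 permit ip 192.168.60.0 0.0.0.255 10.176.90.0 0.0.0.255
"""
ACE = re.compile(r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)\s*$")


def to_network(addr, wildcard):
    """Turn an address and a contiguous wildcard mask into an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # wildcard bits must form one run of trailing ones
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))


def parse_acls(text):
    """Map each extended ACL name to its (source, destination) networks."""
    acls, name = {}, None
    for line in text.splitlines():
        if line.startswith("ip access-list extended "):
            name = line.split()[-1]
            acls[name] = []
        elif name and (m := ACE.match(line)):
            src, swc, dst, dwc = m.groups()
            acls[name].append((to_network(src, swc), to_network(dst, dwc)))
    return acls


def find_overlaps(acls):
    """List (acl_a, dst_a, acl_b, dst_b) where one flow matches both ACLs."""
    hits, names = [], sorted(acls)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for (sa, da), (sb, db) in product(acls[a], acls[b]):
                if sa.overlaps(sb) and da.overlaps(db):
                    hits.append((a, str(da), b, str(db)))
    return hits
```

Calling `find_overlaps(parse_acls(CONFIG))` on the posted ACLs flags the 10.176.0.0/16 entry in ACL-MHQ against the 10.176.90.0/24 entry in ACL-MM.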