Firewall Wizards mailing list archives
Re: asa 5505 vpn ipsec l2l problem
From: "Christopher J. Wargaski" <wargo1 () gmail com>
Date: Fri, 2 Oct 2009 09:06:06 -0500
Hello--

Is the SA established? If so, try starting with a much simpler ACL for the crypto map match. For example:

access-list acl extended permit ip host 192.168.11.11 host 10.1.100.13
access-list acl extended permit ip host 192.168.11.11 host 10.1.100.250
access-list acl extended permit ip host 192.168.11.11 host 10.1.100.105
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.13
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.250
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.105

Make sure that the same ACL is on the other peer. If this works, begin restricting the traffic, say starting with all TCP. Continue restricting the ACL until it is how you want it, or it no longer works.

cjw

On Fri, Oct 2, 2009 at 7:09 AM, Hrvoje Popovski <hrvoje () srce hr> wrote:
hello everyone,

i have asa 5505 with Base license and 7.2.4 software.

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : 10
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0

i'm trying to create l2l ipsec tunnel reading manual on http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/site2sit.html and when i'm applying acl in crypto map

crypto map abcMap 1 match address acl

i'm getting this log:

Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead

i don't have any debug messages (debug crypto ipsec 100)

googled it but haven't found any answer.

thank you for your answers!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
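
Added example, not part of the original thread: a check for the "same ACL on the other peer" step, written under the assumption that the remote peer's crypto ACL should be the mirror image of the local one (source and destination swapped). The remote ACL and the function names are constructed for illustration, and only the host-to-host form shown in the reply is parsed.

```python
import re

# Host-to-host ACE form used in the post:
#   access-list <name> extended permit <proto> host <src> host <dst>
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+(\S+)"
                    r"\s+host\s+(\S+)\s+host\s+(\S+)$")

def parse_acl(config, name):
    """Return the (proto, src, dst) entries of ACL `name` found in `config`."""
    entries = set()
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == name:
            entries.add(m.groups()[1:])
    return entries

def mirror_gaps(local, remote):
    """Check that `remote` is the mirror image of `local`.

    Returns (missing, unexpected): mirrored entries the remote peer lacks,
    and remote entries that mirror nothing on the local peer.
    """
    expected = {(proto, dst, src) for proto, src, dst in local}
    return sorted(expected - remote), sorted(remote - expected)

# Local peer: the six entries from the reply above.
LOCAL = """\
access-list acl extended permit ip host 192.168.11.11 host 10.1.100.13
access-list acl extended permit ip host 192.168.11.11 host 10.1.100.250
access-list acl extended permit ip host 192.168.11.11 host 10.1.100.105
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.13
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.250
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.105
"""
# Remote peer (constructed): last entry copied verbatim instead of swapped.
REMOTE = """\
access-list acl extended permit ip host 10.1.100.13 host 192.168.11.11
access-list acl extended permit ip host 10.1.100.250 host 192.168.11.11
access-list acl extended permit ip host 10.1.100.105 host 192.168.11.11
access-list acl extended permit ip host 10.1.100.13 host 192.168.11.12
access-list acl extended permit ip host 10.1.100.250 host 192.168.11.12
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.105
"""

if __name__ == "__main__":
    missing, unexpected = mirror_gaps(parse_acl(LOCAL, "acl"),
                                      parse_acl(REMOTE, "acl"))
    for proto, src, dst in missing:
        print(f"remote lacks:     permit {proto} host {src} host {dst}")
    for proto, src, dst in unexpected:
        print(f"remote unmatched: permit {proto} host {src} host {dst}")
```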