Firewall Wizards mailing list archives
Re: asa 5505 vpn ipsec l2l problem
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 2 Oct 2009 12:05:54 -0400
and when I'm applying the acl in the crypto map

crypto map abcMap 1 match address acl

I'm getting this log:

Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead

I don't have any debug messages (debug crypto ipsec 100)
googled it but haven't found any answer.

thank you for your answers!

acl

access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data

You can only use 'permit ip' in an access-list used for crypto map match, and your access-list is set to use tcp. If you need to filter VPN traffic down to the port and protocol level, use the access-list applied to the outside interface, not the access-list applied to the VPN tunnel's crypto map.

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
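
The following is an added example, not part of the original message or of any Cisco tool. It lints an ACL intended for `crypto map ... match address` against the rule stated in the reply above (entries must be `permit ip`) and derives the de-duplicated `ip` entries to use instead. The function names and the ACL name `acl_crypto` are hypothetical, and the parser assumes plain `host A`, `any`, or `A MASK` address forms with no object-groups.

```python
# Constructed sample: the ACL entries from the post, with wrapped lines rejoined.
POSTED_ACL = """\
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data
"""

def parse_endpoint(tokens):
    """Consume one address spec (host A | any | A MASK) from the front of tokens."""
    if tokens[0] == "host":
        return "host " + tokens[1], tokens[2:]
    if tokens[0] == "any":
        return "any", tokens[1:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def skip_port(tokens):
    """Drop an optional port operator (eq/lt/gt/neq PORT, or range LO HI)."""
    if tokens and tokens[0] in ("eq", "lt", "gt", "neq"):
        return tokens[2:]
    if tokens and tokens[0] == "range":
        return tokens[3:]
    return tokens

def to_crypto_acl(text, new_name):
    """Return (entries that are not 'ip', de-duplicated 'ip' entries under new_name)."""
    findings, selectors = [], []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "extended":
            continue  # skip remarks, blank lines and non-extended entries
        action, proto, rest = t[3], t[4], t[5:]
        src, rest = parse_endpoint(rest)
        rest = skip_port(rest)          # source port, if present
        dst, rest = parse_endpoint(rest)
        if proto != "ip":
            findings.append(line.strip())
        entry = f"access-list {new_name} extended {action} ip {src} {dst}"
        if entry not in selectors:      # port-level entries collapse to one pair
            selectors.append(entry)
    return findings, selectors

if __name__ == "__main__":
    bad, crypto = to_crypto_acl(POSTED_ACL, "acl_crypto")
    print(f"{len(bad)} non-ip entries; use these for the crypto map instead:")
    print("\n".join(crypto))
```

The original port-level entries are not lost: they are the material for the interface access-list the reply recommends for filtering.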