Anyone know why I'm having a problem setting up a VPN between a Cisco router and a VPN concentrator and using an ACL that restricts by protocol?
I had a VPN set up with a vendor between my 2611 and their PIX and had ACL's like:
permit tcp host x.x.x.x host y.y.y.y eq ftp and when they moved and installed a concentrator this no longer works and we need to use permit ip host x.x.x.x host y.y.y.y with no protocol restrictions.
I have another tunnel set up with a different partner that is the same situation, we were never able to make this work but I have yet another tunnel between my router and my own PIX that works fine when I trim down to only my needed protocols.
Why the problem doing this between two Cisco devices (though not PIX)?
*tunnel comes up but we are unable to complete the FTP login and even get a directory listing. (yes, I know I also need "ftp-data").