ipsec crypto map

Unanswered Question
Dec 6th, 2007

If one end of an IPsec tunnel has a specific subnet-to-subnet match address criteria and the other end an any-to-subnet match address criteria, will the tunnel operate correctly?


i.e.


FW1


access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0


FW2


access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0


I know having inverse access-lists on the 2 ends is ideal, but what would happen if the 2 ends were different?


Any ideas?

Collin Clark Thu, 12/06/2007 - 15:39

It will not work; the ACL on each end must match interesting traffic.


HTH
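
Added example (not part of the original thread, and not Cisco tooling): a Python check that parses two crypto ACL lines in the `access-list NAME permit ip SRC DST` form quoted in the question and reports whether they are exact mirror images of each other. The function names, the result labels and the `FW2_MIRROR` line are assumptions constructed for this example.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_crypto_acl(line):
    """Return (source, destination) networks from
    'access-list NAME permit ip SRC DST' in address/netmask form."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported crypto ACL line: {line!r}")
    nets, i = [], 4
    while i < len(tok):
        if tok[i] == "any":
            nets.append(ANY)
            i += 1
        elif i + 1 < len(tok):
            # 'host A.B.C.D' or 'A.B.C.D NETMASK'
            spec = f"{tok[i+1]}/32" if tok[i] == "host" else f"{tok[i]}/{tok[i+1]}"
            nets.append(ipaddress.ip_network(spec))
            i += 2
        else:
            raise ValueError(f"dangling token in: {line!r}")
    if len(nets) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return nets[0], nets[1]

def compare_peers(local_line, remote_line):
    """Classify two peers' crypto ACL entries (labels are this example's own)."""
    l_src, l_dst = parse_crypto_acl(local_line)
    r_src, r_dst = parse_crypto_acl(remote_line)
    if (l_src, l_dst) == (r_dst, r_src):
        return "mirror"            # each end is the exact inverse of the other
    if l_src.overlaps(r_dst) and l_dst.overlaps(r_src):
        return "overlap-mismatch"  # same traffic is covered, but selectors differ
    return "disjoint"              # the two entries describe unrelated traffic

# The two lines from the question, plus a constructed inverse of FW1's entry.
FW1 = "access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0"
FW2 = "access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0"
FW2_MIRROR = "access-list crypto_map2 permit ip 192.168.24.0 255.255.255.0 172.24.24.0 255.255.255.0"

if __name__ == "__main__":
    print("FW1 vs FW2 as posted:", compare_peers(FW1, FW2))
    print("FW1 vs mirrored FW2: ", compare_peers(FW1, FW2_MIRROR))
```

The pair from the question is reported as `overlap-mismatch`: FW2's `any` covers 192.168.24.0/24 but is not the inverse of FW1's entry.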
