cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
306
Views
0
Helpful
1
Replies

IPSEC access-list question

lgontarsk
Level 1
Level 1

Hi,

I have an access-list with the following line...

permit ip host 65.119.114.3 62.140.152.0 0.0.0.31

and its crypto ipsec sa shows up as this, with no packets encaps or decaps.

protected vrf:

local ident (addr/mask/prot/port): (65.119.114.3/255.255.255.255/0/0)

remote ident (addr/mask/prot/port): (62.140.152.0/255.255.255.224/0/0)

current_peer: 62.140.138.249:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

#send errors 0, #recv errors

___________________

I also show a crypto ipsec sa which doesn't correspond directly to my accesslist. This is the second time I've seen this... is there any part of IPsec where the access-list are shared with the other end? i didn't think so, but I'm not sure how we got this, if not.

protected vrf:

local ident (addr/mask/prot/port): (65.119.114.3/255.255.255.255/0/0)

remote ident (addr/mask/prot/port): (62.140.152.0/255.255.255.252/0/0)

current_peer: 62.140.138.249:500

PERMIT, flags={}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 22, #pkts decrypt: 22, #pkts verify: 22

#send errors 0, #recv errors 0

Thanks!!

1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

Can you post the configuration from this device.

Regards,

Arul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: