Jon Marshall Fri, 03/28/2008 - 03:12

Hi


Your crypto map access-lists don't match, i.e.


pix.txt


access-list bsns_out permit ip 14.1.0.0 255.255.255.0 10.20.0.0 255.255.255.0

access-list bsns_out permit ip 14.1.0.0 255.255.255.0 192.168.1.0 255.255.255.0


pixe.txt


access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.1.0.0 255.255.255.0

access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.2.0.0 255.255.255.0


These should match and you will need to ensure that your nonat access-lists match this as well.


Jon

danilomario Fri, 03/28/2008 - 03:33

Sorry, why don't they match?

pix.txt

14.1.0.0 is internal lan

10.20.0.0 is external lan (destination)

192.168.1.0 is outside int of pixe.txt


pixe.txt

10.20.0.0 is internal lan

14.1.0.0 is external lan (destination)

14.2.0.0 is outside int of pix.txt

Jon Marshall Fri, 03/28/2008 - 03:57

They don't match because crypto access-lists should just be the reverse of each other, so update your access-lists as follows:



pix.txt


access-list bsns_out permit ip 14.1.0.0 255.255.255.0 10.20.0.0 255.255.255.0

access-list bsns_out permit ip 14.1.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list bsns_out permit ip 14.2.0.0 255.255.255.0 10.20.0.0 255.255.255.0


pixe.txt


access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.1.0.0 255.255.255.0

access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.2.0.0 255.255.255.0

access-list bsns_out permit ip 192.168.1.0 255.255.255.0 14.1.0.0 255.255.255.0



Also, where are you connecting from/to when it works and when it doesn't work?


Jon
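
The mirror rule described in the reply above can be checked mechanically before a tunnel is brought up. The following is an added example, not part of any post in this thread: it assumes each entry has the plain `access-list <name> permit ip <net> <mask> <net> <mask>` form shown here (no `host`, `any` or object-groups), and the function names are hypothetical.

```python
import ipaddress

def parse_acl(config_text, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    entries = set()
    for line in config_text.splitlines():
        tok = line.split()
        # Assumed form: access-list <name> permit ip <src> <mask> <dst> <mask>
        if len(tok) != 8 or tok[:4] != ["access-list", acl_name, "permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
        dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
        entries.add((src, dst))
    return entries

def unmirrored(local, remote):
    """Entries in local with no reversed (dst, src) counterpart in remote."""
    return sorted((s, d) for (s, d) in local if (d, s) not in remote)

def check_pair(cfg_a, cfg_b, acl_name="bsns_out"):
    """Return (only_on_a, only_on_b); two empty lists mean the ACLs mirror."""
    a, b = parse_acl(cfg_a, acl_name), parse_acl(cfg_b, acl_name)
    return unmirrored(a, b), unmirrored(b, a)

# ACL lines as first posted in the thread (pix.txt and pixe.txt)
PIX_BEFORE = (
    "access-list bsns_out permit ip 14.1.0.0 255.255.255.0 10.20.0.0 255.255.255.0\n"
    "access-list bsns_out permit ip 14.1.0.0 255.255.255.0 192.168.1.0 255.255.255.0\n"
)
PIXE_BEFORE = (
    "access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.1.0.0 255.255.255.0\n"
    "access-list bsns_out permit ip 10.20.0.0 255.255.255.0 14.2.0.0 255.255.255.0\n"
)
# The same ACLs with the one line added to each side in the corrected version
PIX_AFTER = PIX_BEFORE + (
    "access-list bsns_out permit ip 14.2.0.0 255.255.255.0 10.20.0.0 255.255.255.0\n"
)
PIXE_AFTER = PIXE_BEFORE + (
    "access-list bsns_out permit ip 192.168.1.0 255.255.255.0 14.1.0.0 255.255.255.0\n"
)

if __name__ == "__main__":
    for label, a, b in (("before", PIX_BEFORE, PIXE_BEFORE),
                        ("after", PIX_AFTER, PIXE_AFTER)):
        only_a, only_b = check_pair(a, b)
        print(label, "pix entries with no mirror:", [f"{s} -> {d}" for s, d in only_a])
        print(label, "pixe entries with no mirror:", [f"{s} -> {d}" for s, d in only_b])
```

The same comparison can be run against the nonat access-lists by passing their name as `acl_name`.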
