mlatham67 Sat, 05/31/2008 - 07:27

I would suggest changing your crypto access lists from source any to your internal networks and make sure that the remote site is a mirror image.

eg:

access-list OUTSIDE_1_cryptomap extended permit ip 192.168.90.0 255.255.255.0 10.1.20.0 255.255.255.0

access-list OUTSIDE_2_cryptomap extended permit ip 192.168.90.0 255.255.255.0 10.1.20.0 255.255.255.0

If that doesn't work, please paste a debug crypto isakmp 128.

Cheers

Richard Burts Sun, 06/01/2008 - 12:22

Asfar

I do not understand what you are doing in the crypto map:

crypto map OUTSIDE_map 1 match address OUTSIDE_1_cryptomap

crypto map OUTSIDE_map 1 set peer y.y.y.114

crypto map OUTSIDE_map 2 match address OUTSIDE_2_cryptomap

crypto map OUTSIDE_map 2 set peer y.y.y.114

Both instances of the crypto map seem to identify the same peer. And when you look at the access lists which are used both access lists permit exactly the same addresses.

Perhaps you can explain a bit about the topology of your network and about what appears to be duplication within the crypto map?

HTH

Rick
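
The two checks raised in this thread (crypto ACLs with source any or no mirror image on the remote side, and crypto map entries that repeat the same peer and traffic) can be run over a saved config. This is an added example, not part of either post; the remote ACL name `R`, the remote peer `x.x.x.x` and the helper names are assumptions, and only literal `any`, `host A` and `NET MASK` address forms are handled.

```python
from collections import defaultdict
def take_net(tok):
    """Consume one ASA address spec: 'any', 'host A' or 'NET MASK'."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1] + " 255.255.255.255", tok[2:]
    return " ".join(tok[:2]), tok[2:]

def parse(config):
    """Return ({acl: {(src, dst)}}, {(map, seq): {'address': acl, 'peer': ip}})."""
    acls, entries = defaultdict(set), defaultdict(dict)
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"] and len(t) >= 7:
            src, rest = take_net(t[5:])
            acls[t[1]].add((src, take_net(rest)[0]))
        elif t[:2] == ["crypto", "map"] and len(t) == 7 and t[5] in ("address", "peer"):
            entries[(t[2], t[3])][t[5]] = t[6]
    return acls, entries

def traffic(acls, entry):
    return frozenset(acls.get(entry.get("address"), ()))

def audit(local_cfg, remote_cfg):
    """List crypto map entries with 'any' sources, duplicates, or no remote mirror."""
    acls, entries = parse(local_cfg)
    r_acls, r_entries = parse(remote_cfg)
    remote = {p for e in r_entries.values() for p in traffic(r_acls, e)}
    findings, seen = [], {}
    for (name, seq), e in sorted(entries.items(), key=lambda kv: int(kv[0][1])):
        pairs = traffic(acls, e)
        if any(src == "any" for src, _ in pairs):
            findings.append(f"{name} {seq}: source any in {e['address']}")
        sig = (name, e.get("peer"), pairs)
        if sig in seen:
            findings.append(f"{name} {seq}: duplicates entry {seen[sig]}")
        seen.setdefault(sig, seq)
        findings += [f"{name} {seq}: no remote mirror for {s} -> {d}"
                     for s, d in sorted(pairs) if (d, s) not in remote]
    return findings

# Constructed sample configs built from the lines quoted in the thread.
MAPS = "".join(f"crypto map OUTSIDE_map {n} match address OUTSIDE_{n}_cryptomap\n"
               f"crypto map OUTSIDE_map {n} set peer y.y.y.114\n" for n in (1, 2))
ACL = "access-list OUTSIDE_{n}_cryptomap extended permit ip {src} 10.1.20.0 255.255.255.0\n"
def local(src):  # src is the ACL source spec, e.g. "any" (constructed input)
    return "".join(ACL.format(n=n, src=src) for n in (1, 2)) + MAPS
REMOTE = ("access-list R extended permit ip 10.1.20.0 255.255.255.0 192.168.90.0 255.255.255.0\n"
          "crypto map R_map 1 match address R\ncrypto map R_map 1 set peer x.x.x.x\n")
```

Calling `audit(local("any"), REMOTE)` reports the any sources, the missing mirrors and the repeated entry; with the specific source network only the duplicate entry remains.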
