mlatham67 Sat, 05/31/2008 - 07:27
User Badges:

I would suggest changing your cypto access lists from source any to your internal networks and nake sure that the remote site is a mirror image.


eg:

access-list OUTSIDE_1_cryptomap extended permit ip 192.168.90.0 255.255.255.0 10.1.20.0 255.255.255.0

access-list OUTSIDE_2_cryptomap extended permit ip 192.168.90.0 255.255.255.0 10.1.20.0 255.255.255.0



If that doesnt work, please paste an debug crypto isakmp 128.



Cheers


Richard Burts Sun, 06/01/2008 - 12:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Asfar


I do not understand what you are doing in the crypto map:

crypto map OUTSIDE_map 1 match address OUTSIDE_1_cryptomap

crypto map OUTSIDE_map 1 set peer y.y.y.114

crypto map OUTSIDE_map 2 match address OUTSIDE_2_cryptomap

crypto map OUTSIDE_map 2 set peer y.y.y.114


Both instances of the crypto map seem to identify the same peer. And when you look at the access lists which are used both access lists permit exactly the same addresses.


Perhaps you can explain a bit about the topology of your network and about what appears to be duplication within the crypto map?


HTH


Rick

Actions

This Discussion