07-10-2008 10:46 PM - edited 03-03-2019 10:41 PM
Hi,
We have one of our customer named IFFCO. They have facing problem that they won't able to access there remote server "10.1.1.13" from Regional branches like MUL R.O,HYD R.O but it can access from Factory router and from Vlan1 and Vlan2. I have attached the diagram and configuration of HO router, L3 switch.
Your kind response will solve this problem
regards
Salman
07-10-2008 11:13 PM
Hi, Salman Ahmad
You should redesign the vpn connection between ASA and remote peer 213.42.236.44
Your crypto acl "iffcosts_list" must be reconsidered on both sides.
[Pls RATE if HELPS]
07-10-2008 11:33 PM
Hi,
Describe me briefly about crypto acl on
both side.
What do you mean by both sides in detail?
regards
Salman
07-11-2008 01:38 AM
no access-list iffcosts_list extended permit ip host 192.168.2.15 192.168.10.0 255.255.255.0
no access-list iffcosts_list extended permit ip host 192.168.2.13 host 10.1.1.20
no access-list iffcosts_list extended permit ip 192.168.0.0 255.255.0.0 host 10.1.6.11
no access-list iffcosts_list extended permit ip 192.168.3.0 255.255.255.0 192.168.10.0 255.255.255.0
no access-list iffcosts_list extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
no access-list iffcosts_list extended permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list iffcosts_list extended permit ip 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list iffcosts_list extended permit ip 192.168.0.0 255.255.0.0 192.168.10.0 255.255.255.0
no access-list iffcosts_list extended permit tcp 192.168.2.0 255.255.255.0 host 10.1.1.20 eq lotusnotes
on your peer must have mirror crypto acl
access-list peer_list extended permit ip 10.1.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list peer_list extended permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.0.0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide