Access list problem

moses12315 · ‎10-20-2008

Pls see the attah.

Thanks

Moses

Also post on Network management

singhsaju · ‎10-20-2008

Post configs of both routers.That will clarify routing info and the VPN networks.

From the config lines from the attachment .

There is " deny " statement in the access list bound to interfaces on both routers for network 192.0.0.0/8 .Check if this is not blocking the ping.

HTH

Saju

Pls rate helpful posts

moses12315 · ‎10-20-2008

Here is the crypto map match address on attach.

Thanks

Moses

singhsaju · ‎10-20-2008

yes include 192.0.0.0/8 subnet to the Crypto ACL if you want to encrypt the traffic.

moses12315 · ‎10-20-2008

Yes lets say i do not want to encrypt the 192.0.0.0/8 traffic. Lets say that i want to deny that traffic. Why is not working with the access list? Does match address of the crypto map interferes with the access list on the interface.

Thanks

Moses

singhsaju · ‎10-20-2008

Hi Moses,

Since you did not specify 192. network in the Crypto ACL so it will will never go into tunnel(or it will not be encrypted)

I think your ping to 192 network is blocked by the outbound access-list on Router A

try removing it and then test

interface Serial1/3.6 point-to-point

description RouterA

no ip access-group AList out

Extended IP access list AList

10 deny ip 192.0.0.0 0.255.255.255 any =========> this is blocking your ping packets(30 matches)

11 deny ip host 10.9.9.12 any

20 permit ip any any (4576 matches)

HTH

Saju