Help adding address to Tunnel ACL

Answered Question
Nov 7th, 2008

We have a VPN tunnel set up and it's working fine for 172.16.1.40 to 192.168.15.0 and 192.168.100.0. I added 172.16.1.34 to the access-list but for some reason the ASA doesn't pass traffic from 172.16.1.34 through the tunnel. It is receiving traffic from 192.168.100.0 and 192.168.15.0, but won't initiate it from inside. Is there some trick to adding more addresses to the tunnel? The entry on the far end seems to be working, and I have made sure they match. Here is the config on my end:



crypto map outside_map 30 match address Tunnel_to_XXX
crypto map outside_map 30 set peer X.X.X.X
crypto map outside_map 30 set transform-set ESP-3DES-SHA

access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.15.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.100.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.15.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.100.0 255.255.255.0

Correct Answer by ajagadee about 8 years 3 months ago

Hi,


Have you included the "172.16.1.34" address in your NAT 0 Statement to bypass NAT for IPSEC Traffic?


Regards,

Arul


*Pls rate if it helps*

Overall Rating: 5 (1 ratings)