L2L VPN Interesting traffic access-list

Unanswered Question
Feb 1st, 2009

I have set up a test site-to-site VPN between two locations through a Cisco ASA.

I am using an extended access-list to specify the interesting traffic.

Say the access-list is

permit ip

The tunnel works well when I try to reach the network, but what I have observed is that there is no "hit" seen on this particular access-list.

The tunnel definitely is working based on this access-list, but I don't see the HITCOUNT field of the access-list updated.

Could someone throw some light on this?

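For readers reproducing the setup above, here is an added example (not the poster's configuration) of the pieces an ASA 7.2 site-to-site tunnel needs, followed by the commands used to check it. The ACL name VPN-TRAFFIC, crypto map name OUTSIDE-MAP, subnets 10.1.1.0/24 and 10.2.2.0/24 and the peer address 203.0.113.2 are assumed values chosen for illustration:

```text
! Crypto ACL: defines the "interesting traffic" the crypto map will match.
! Assumed: local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24.
access-list VPN-TRAFFIC extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

! NAT exemption so traffic to the remote LAN is not translated before encryption.
access-list NO-NAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NO-NAT

! Phase 1 (ISAKMP) policy on the outside interface.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

! Phase 2 (IPsec) transform set and the crypto map that binds the ACL to the peer.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside

! LAN-to-LAN tunnel group keyed by the peer address (assumed key shown masked).
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key *****

! Verification, in order of usefulness when the ACL hit count looks wrong:
!   show crypto isakmp sa           - Phase 1 SA present and active for 203.0.113.2
!   show crypto ipsec sa            - per-SA "#pkts encaps" / "#pkts decaps" counters,
!                                     which increment for every packet protected by the tunnel
!   show access-list VPN-TRAFFIC    - the hitcnt field the thread is asking about
```

The encaps/decaps counters in `show crypto ipsec sa` are the direct evidence that packets are being encrypted into and decrypted out of the tunnel, so they are the check to trust when confirming that traffic is actually traversing the VPN, independently of what `show access-list` reports.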
eddie.mitchell@... Fri, 02/06/2009 - 13:02

When you are viewing the access-list, are you doing so via a 'show run'/'show conf' or are you doing a 'show access-list'?

victor_87 Fri, 02/06/2009 - 19:32

Oh yeah, definitely using sh access-lists. I'm not a rookie.

When I set up a VPN on a PIX 6.3 I do get the hits, but I am getting no hits on the ASA.

eddie.mitchell@... Sat, 02/07/2009 - 05:57

What software version are you running? I've got an ASA running 7.2(2) and I'm getting the hitcounts on my crypto ACLs.

victor_87 Sun, 02/08/2009 - 21:02

I am definitely getting hits on my PIX 6.3 but nothing shows up on my ASA 7.2. I am getting a few hits on the crypto ACL when the tunnel is still in the formation stage. Nothing changes after the tunnel has fully formed.
