
Crypto ACLs in site-to-site VPN!

illusion_rox
Level 1

Hi all. I was caught up in a VPN issue and ran a debug (debug cry ipsec). I discovered that there was a proxy mismatch. I have gone through different articles and docs but never read anywhere that routers in IPsec negotiation also exchange their crypto ACLs. Is that correct? I ask because I used a combination of mask on one router and could see exactly that mask in the debug on the other router. It seems that routers also exchange crypto ACLs?

Kindly confirm this point and, if possible, point me to any Cisco doc that addresses this issue.

1 Reply

i.va
Level 3

Hi,

The crypto ACLs are part of the IPSec Security Associations being established between the two peers. Cisco recommends that the crypto ACLs be mirrored on both peers. The following link elaborates:

http://www.cisco.com/en/US/docs/ios/12_1/security/configuration/guide/scdipsec.html#wp1001139

Please rate if helpful.
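
A mirror check for the recommendation in the reply above, as an added example that is not part of the thread or of Cisco's documentation: it parses the permit entries of two IOS-style crypto ACLs and reports any entry that has no source/destination-swapped twin on the other peer. The ACL text and addresses are constructed, the function names are hypothetical, and entries with port qualifiers are not handled.

```python
import ipaddress

# Constructed sample crypto ACLs; addresses and ACL number are illustrative.
PEER_A = """
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 host 10.3.3.3
"""
PEER_B = """
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def _take(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the wildcard into a netmask so 0.0.0.0 means /32, as on IOS.
    # Non-contiguous wildcards raise ValueError here.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)

def parse_crypto_acl(text):
    """Return (protocol, source, destination) for every permit entry."""
    selectors = []
    for line in text.splitlines():
        tokens = line.split()
        if "permit" not in tokens or "remark" in tokens:
            continue  # blank lines, remarks and deny entries are skipped
        tokens = tokens[tokens.index("permit") + 1:]
        selectors.append((tokens.pop(0), _take(tokens), _take(tokens)))
    return selectors

def mirror_mismatches(local_text, remote_text):
    """Report entries on either peer that lack a swapped src/dst twin on the other."""
    local = set(parse_crypto_acl(local_text))
    remote = set(parse_crypto_acl(remote_text))
    def unmatched(mine, theirs):
        return [f"{p} {s} -> {d}" for p, s, d in sorted(mine) if (p, d, s) not in theirs]
    return {"local_only": unmatched(local, remote),
            "remote_only": unmatched(remote, local)}

if __name__ == "__main__":
    for side, entries in mirror_mismatches(PEER_A, PEER_B).items():
        for entry in entries:
            print(f"{side}: {entry}")
```

In the constructed sample the second entry differs only in its mask (a host entry on one side, a /24 on the other), which is the kind of difference the original poster saw reported as a proxy mismatch.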
