Hi Srinivas and other Cisco Experts,
I would like to seek advice on the issue below and would appreciate your assistance.
The PIX IPsec configuration is site-to-site. There are many acl_mdc_outside_crypto_-1_xx to different sites from a single location (AA).
When there is an issue accessing the Lotus Notes application from Site AA to Site BB, all other services are up and working. All IPsec is working fine.
This happens one to two times per week. When it happens, users at Site AA simply cannot access Lotus Notes only, but other users at other sites face no issue. The issue was resolved after removing one of the ACL rules and adding the rule back at the Site AA PIX firewall.
Do you know why? I had replaced the firewall with a new one, same model with a different IOS version.
Thank you very much.
Below is the Site AA PIX firewall configuration:
IOS version: 7.2(4)
access-list acl_mdc_outside_crypto_-1_24 extended permit ip host x.x.x.x host x.x.x.x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map crypto_mdc_outside xx match address acl_mdc_outside_crypto_-1_24
crypto map crypto_mdc_outside xx set peer x.x.x.x
crypto map crypto_mdc_outside xx set transform-set ESP-3DES-SHA
crypto map crypto_mdc_outside interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes