help with ISAKMP hits on ACL

Unanswered Question
May 18th, 2012
User Badges:
  • Bronze, 100 points or more

We have an ACL applied to an ingress/egress interface of one of our routers (no redundancy so only one way in one way out).

We are NOT trying to block any traffic, more of a research task.

We notice we continuely get hits on ISAKMP line but when viewing the logs we do not see ISAKMP (udp 500) hits nor do we see any additional attempt to go to IPsec - yet.





ip access-list extended TT

  permit udp any any eq isakmp log-input (45000 matches)

  permit esp any any log-input

  permit ahp any ayn log-input

  permit udp any any eq non500-isakmp log-input

  permit ip any any (534500443 matches)





Repeated lines as such

May 18 13:21:37: %SEC-6-IPACCESSLOGP: list TT permitted udp (TenGigabitEthernet1/1 MAC) ->




Any ideas or suggerstions?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion

Related Content