Cisco Support Community

New Member

12.4(20)T object-group/ACL/crypto map on 3825

hi all,

I just upgraded my router to 12.4(20)T because of the new object-group function that I already use on all my PIX.

Bad thing is: it does not seem to work.

I use object-group to define all my LAN networks for my VPNs.

After that I apply an ACL using object-group => no problem.

The problem appears when I apply the ACL on the crypto map. A simple "sh crypto-map" shows me that's false: it finds "permit ip any any" whereas that should be all mashed LAN description.

Is it a problem with the new IOS or did I miss something?

Regards

Nicolas

PS: when using an ACL with network addresses, that works like a charm, so it's just when I put an object-group in the ACL that it doesn't work.

4 REPLIES

Re: 12.4(20)T object-group/ACL/crypto map on 3825

Can you post the configuration?

The feature was just released, so it could be bug prone also, or maybe this is one of the restrictions/limitations.

Regards

Farrukh

New Member

Re: 12.4(20)T object-group/ACL/crypto map on 3825

hello,

Maybe related to this: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

About my config, here is just the part of it showing how I use object-group:

object-group network clermont
 172.30.80.0 255.255.240.0
 192.168.6.0 255.255.255.0
!
object-group network test-clermont
 172.31.127.0 255.255.255.0
!
crypto map VPN-edu 10 ipsec-isakmp
 set peer xxxxxxxxxxxxx
 set transform-set ESP-AES-256-MD5
 match address crypt-clermont
!
ip access-list extended crypt-clermont
 permit ip object-group test-clermont object-group clermont

Regards

Nicolas

Re: 12.4(20)T object-group/ACL/crypto map on 3825

Your config seems OK to me. Maybe others can comment.

Regards

Farrukh

Interesting to see that the IOS is using subnet masks now :)

New Member

Re: 12.4(20)T object-group/ACL/crypto map on 3825

Right now the object groups are not supported with IPSec.
