Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Basic VPN Configuration question.

Why do the configuration examples have multiple access-list statements that are identical? This example is from http://www.cisco.com/warp/public/110/pixhubspoke.html

access-list 120 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

nat (inside) 0 access-list 100

Why not just use access-list 120 in the NAT 0 statement and omit the ACCESS-LIST 100 statement?

2 REPLIES
Community Member

Re: Basic VPN Configuration question.

On the right pane of that document is a place for your comments. Cisco’s TAC reads and handles those comments (I’ve actually submitted an error this way so I know) so you should fill that form out and let them know your concerns.

Community Member

Re: Basic VPN Configuration question.

I think they did it that way to to illustrate that the NAT & IPSEC processes both use acls & are separate (though inter-related) processes. Either way is okay.

109
Views
0
Helpful
2
Replies
CreatePlease to create content