I configured IPSEC VPN between 2 sites with ISAKMP turn off. Currently it works, but the problem is only the access-list sequence number one is bind to the IPSEC
, subsequent number of the access-list 121 does not appear on IPSEC, when I perform show crypto ipsec sa. Why ? Normally if using dynamic ISAKMP, we can see all the source and destination defind on te access-list. ??
When perform the ping test I can only ping from 192.168.7.0 network to 172.17.1.0 hosts, not other.
If I remove the first sequence , then from 192.168.8.0 can ping to 172.17.1.0 hosts.
access-list 121 permit ip 192.168.7.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 192.168.8.0 0.0.0.255 172.17.1.0 0.0.0.255
access-list 121 permit ip 184.108.40.206 0.0.0.255 172.17.1.0 0.0.0.255
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...