ipsec crypto map

mikedelafield
Level 1

If one end of an IPsec tunnel has a specific subnet-to-subnet match address criteria and the other end an any-to-subnet match address criteria, will the tunnel operate correctly?

i.e.

FW1

access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0

FW2

access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0

I know having inverse access-lists on the 2 ends is ideal, but what would happen if the 2 ends were different?

Any ideas?


Collin Clark
VIP Alumni

It will not work; the ACL on each end must match interesting traffic.

HTH
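
Added example, not part of either post above: a small Python check that parses one `permit ip` crypto ACL entry from each peer and reports whether the two are mirror images of each other, using the FW1 and FW2 lines from the question. The function names and the `FW2_MIRROR` line are assumptions constructed for this illustration; only `any`, `host A` and `A MASK` address forms are handled.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# The two entries quoted in the question.
FW1 = "access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0"
FW2 = "access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0"
# Constructed for this example: what an exact mirror of FW1 would look like on FW2.
FW2_MIRROR = "access-list crypto_map2 permit ip 192.168.24.0 255.255.255.0 172.24.24.0 255.255.255.0"

def _take_addr(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_ace(line):
    """Parse 'access-list NAME [extended] permit ip SRC DST' into (src, dst) networks."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    rest = tokens[2:]
    if rest[0] == "extended":
        rest.pop(0)
    if rest[:2] != ["permit", "ip"]:
        raise ValueError("only 'permit ip' entries are handled")
    rest = rest[2:]
    src = _take_addr(rest)
    dst = _take_addr(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return src, dst

def compare_crypto_aces(local_line, peer_line):
    """Return (is_mirror, findings) for one crypto ACL entry per peer."""
    l_src, l_dst = parse_ace(local_line)
    p_src, p_dst = parse_ace(peer_line)
    findings = []
    # Mirrored entries: our source is the peer's destination and vice versa.
    for label, ours, theirs in (("local src vs peer dst", l_src, p_dst),
                                ("local dst vs peer src", l_dst, p_src)):
        if ours != theirs:
            rel = ("narrower than" if ours.subnet_of(theirs)
                   else "wider than" if theirs.subnet_of(ours) else "disjoint from")
            findings.append(f"{label}: {ours} is {rel} {theirs}")
    return (not findings, findings)
```

Calling `compare_crypto_aces(FW1, FW2)` flags the `any` on FW2 against FW1's 192.168.24.0/24 destination, while `compare_crypto_aces(FW1, FW2_MIRROR)` returns no findings.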
