Cisco Support Community

ipsec crypto map

If one end of an IPsec tunnel has a specific subnet-to-subnet match address criteria and the other end an any-to-subnet match address criteria, will the tunnel operate correctly?

i.e.:

FW1

access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0

FW2

access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0

I know having inverse access-lists on the 2 ends is ideal, but what would happen if the 2 ends were different?

Any ideas?

1 REPLY

Re: ipsec crypto map

It will not work; the ACL on each end must match interesting traffic.

HTH
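
The mirror-image comparison discussed in this thread can be checked mechanically before a change is deployed. The following Python is an added example, not part of the original posts and not a Cisco tool; the function names and result labels are hypothetical, and it assumes single-line `permit ip` entries written with subnet masks, as in the question.

```python
import ipaddress

def parse_crypto_acl(line):
    """Return (source, destination) networks from a PIX/ASA-style line:
    access-list NAME permit ip SRC DST, where SRC/DST is 'any',
    'host A.B.C.D' or 'NETWORK MASK' (subnet mask, as in the post)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest, nets = tok[4:], []
    try:
        while rest:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            elif rest[0] == "host":
                nets.append(ipaddress.ip_network(rest[1] + "/32"))
                rest = rest[2:]
            else:
                nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
                rest = rest[2:]
    except IndexError:
        raise ValueError(f"truncated ACL line: {line!r}")
    if len(nets) != 2:
        raise ValueError(f"expected source and destination: {line!r}")
    return nets[0], nets[1]

def compare_selectors(local_line, remote_line):
    """Classify the remote ACL against the mirror image of the local ACL."""
    l_src, l_dst = parse_crypto_acl(local_line)
    r_src, r_dst = parse_crypto_acl(remote_line)
    want_src, want_dst = l_dst, l_src          # mirror image of the local entry
    if (r_src, r_dst) == (want_src, want_dst):
        return "mirror"
    if want_src.subnet_of(r_src) and want_dst.subnet_of(r_dst):
        return "remote_superset"               # remote selector is broader
    if r_src.subnet_of(want_src) and r_dst.subnet_of(want_dst):
        return "remote_subset"                 # remote selector is narrower
    if r_src.overlaps(want_src) and r_dst.overlaps(want_dst):
        return "partial_overlap"
    return "disjoint"

# The two entries from the post, plus a constructed mirror of FW1's entry.
FW1 = "access-list cryptomap_1 permit ip 172.24.24.0 255.255.255.0 192.168.24.0 255.255.255.0"
FW2 = "access-list crypto_map2 permit ip any 172.24.24.0 255.255.255.0"
FW2_MIRROR = "access-list crypto_map2 permit ip 192.168.24.0 255.255.255.0 172.24.24.0 255.255.255.0"

if __name__ == "__main__":
    print("FW2 as posted:", compare_selectors(FW1, FW2))
    print("FW2 mirrored: ", compare_selectors(FW1, FW2_MIRROR))
```

Any result other than `mirror` flags a pair of crypto ACLs whose selectors differ and should be reviewed before the tunnel is configured.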
