We have a router connecting to multiple remote sites via GRE/IPsec tunnels. Multiple crypto map entries with ACLs are created for the multiple tunnel interfaces.
If I want to change one ACL for one remote site, must I remove the crypto map first? I found out that if I don't remove the crypto map statement before changing the ACL, all the traffic to all the remote sites is affected. Is this the normal behavior?
Re: must I stop crypto map first before changing ACL?
You must remove the crypto map from the physical interface. You can leave the tunnel interfaces alone. If you are making changes to a crypto map in use, you have to remove the process off the router or you lock up the router, kind of like changing code to a software application while the application is running. You do not, however, have to unapply crypto if you are adding a new map entry.
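The sequence the reply describes, written out as an added example that is not part of the original thread. The interface, the crypto map name `VPNMAP`, the ACL name `ACL-SITE2` and the addresses (documentation ranges) are hypothetical.

```cisco
! Constructed example: GigabitEthernet0/0, VPNMAP, ACL-SITE2 and all addresses are hypothetical.
configure terminal
 !
 ! 1. Detach the crypto map from the physical interface only.
 !    The tunnel interfaces are left untouched.
 interface GigabitEthernet0/0
  no crypto map VPNMAP
 exit
 !
 ! 2. Edit the crypto ACL for the one remote site that is changing.
 ip access-list extended ACL-SITE2
  no permit gre host 192.0.2.1 host 198.51.100.2
  permit gre host 192.0.2.1 host 203.0.113.2
 exit
 !
 ! 3. Re-attach the same crypto map to the physical interface.
 interface GigabitEthernet0/0
  crypto map VPNMAP
 end
!
! 4. Confirm that the map entries reference the expected ACLs and that
!    the security associations to the remote sites come back up.
show crypto map
show crypto isakmp sa
show crypto ipsec sa
```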