Has anyone come across the following when using PDM 3.0 on PIX 6.3?
If you have a crypto ACL applied in the PIX config and you try to run PDM, the PDM parser stops and warns that the applied ACL is not supported, so PDM only launches in Monitor mode. If I remove the crypto ACL, then PDM launches normally. Is there a workaround for this?
The ACL that I have applied is as follows:
access-list nonat permit ip 10.x.x.x <mask> 192.168.x.x <mask>
Could someone from Cisco revert back to this question please.
PDM will not allow this and puts you into Monitor mode. What you need to do (which is a better configuration method anyway) is separate the ACLs, with the following:
access-list nonat permit ip 10.x.x.x <mask> 192.168.x.x <mask>
nat (inside) 0 access-list nonat
access-list 100 permit ip 10.x.x.x <mask> 192.168.x.x <mask>
crypto map mymap 10 match address 100
This separates your crypto and your nonat ACLs. When you only have one IPSec peer, a lot of people do use the same ACL for both, which is fine, but as you've seen it makes PDM barf. Separating the two ACLs is much better because if at some point later you add a second, third, etc. IPSec peer, you simply add a new encryption ACL for the new traffic and add that traffic to your existing nonat ACL.
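The multi-peer layout the answer describes, written out as an added example for PIX 6.3 (this is not configuration from the thread; the subnets, ACL names, map name, peer addresses and transform/policy choices are placeholders picked for illustration). One nonat ACL exempts every tunnelled subnet from NAT, while each peer gets its own encryption ACL and its own crypto map sequence number, so adding a third site means one new ACL, one new map entry and one new line in nonat:

```cisco
! Added example, not from the original post. Placeholders:
! inside LAN 10.1.1.0/24; site A 192.168.1.0/24 behind peer 203.0.113.1;
! site B 192.168.2.0/24 behind peer 203.0.113.2

! One nonat ACL lists every remote subnet so nat (inside) 0 exempts all tunnel traffic
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

! One encryption ACL per peer; each names only that peer's interesting traffic
! (the two must not overlap, or the lower sequence number wins for both)
access-list vpn-siteA permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn-siteB permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0

crypto ipsec transform-set strong esp-aes-256 esp-sha-hmac

! Crypto map entry 10 for site A
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address vpn-siteA
crypto map mymap 10 set peer 203.0.113.1
crypto map mymap 10 set transform-set strong

! Crypto map entry 20 for site B; a third peer would be entry 30 with its own ACL
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address vpn-siteB
crypto map mymap 20 set peer 203.0.113.2
crypto map mymap 20 set transform-set strong

crypto map mymap interface outside

! IKE phase 1: one pre-shared key per peer, a single policy both peers can use
isakmp enable outside
isakmp key ******** address 203.0.113.1 netmask 255.255.255.255
isakmp key ******** address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! Let decrypted tunnel traffic bypass the outside interface ACL
sysopt connection permit-ipsec
```

After applying it, `show crypto map` should list both entries with their own match ACL and peer, and `show access-list nonat` should show hit counts on both lines once traffic flows; the nonat ACL is now never referenced by a crypto map, which is exactly the condition the PDM parser was complaining about.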