Cisco Support Community

How to add a new network to the current VPN configuration in the router

Core issue

This document explains how to match more than one access-list to a single crypto peer.

Resolution

In order to accomplish this, add a new match address to the current match addresses in the VPN configuration.

The new match addresses can be configured with the help of access-lists.

This configuration example shows the current match-address in the router and how to add the new access-lists:

crypto map green-vpn 10 ipsec-isakmp
 set peer 10.46.10.190
 set transform-set tns
 set pfs group2
 match address 190

Router(config)#do show access-list
!--- Displays the access-lists

Extended IP access list 190
  10 permit ip host 10.66.146.146 192.168.20.0 0.0.1.255

In order to add a new network to the current match addresses, add an entry to the access-list with a new line number:

Router(config)#ip access-list extended 190
!--- Enters access-list configuration mode, where the access-list can be modified

Router(config-ext-nacl)#15 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

Router(config-ext-nacl)#do show access-list 190

Extended IP access list 190
  10 permit ip host 10.66.146.146 192.168.20.0 0.0.1.255
  15 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
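
An added example, not part of the original Cisco document: an IPsec crypto access-list is expected to be mirrored on the remote peer, so the new line 15 only protects traffic once the peer has the reversed entry. This Python script parses the show access-list output above and produces the entries the remote side needs; the function names are hypothetical, and only "permit ip" lines with contiguous wildcards are handled.

```python
import ipaddress
import re

# Constructed input: the "show access-list 190" output shown above, after the change.
SHOW_ACL = """\
Extended IP access list 190
  10 permit ip host 10.66.146.146 192.168.20.0 0.0.1.255
  15 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
ENTRY = re.compile(r"^\s*(\d+)\s+permit\s+ip\s+(.+)$")

def _take(tokens):
    """Consume one address spec (any | host A | A WILDCARD) as an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = tokens.pop(0)
    # "0.0.0.0" after the slash would be read as a netmask, so map it to /32.
    mask = "32" if wildcard == "0.0.0.0" else wildcard
    # ip_network accepts a contiguous wildcard (hostmask) after the slash.
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acl(text):
    """Return {sequence number: (source network, destination network)}."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            tokens = m.group(2).split()
            entries[int(m.group(1))] = (_take(tokens), _take(tokens))
    return entries

def _spec(net):
    """Render a network back into IOS 'host A' or 'A WILDCARD' form."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def mirror(entries):
    """Entries for the remote peer: source and destination swapped."""
    return [f"{seq} permit ip {_spec(dst)} {_spec(src)}"
            for seq, (src, dst) in sorted(entries.items())]

if __name__ == "__main__":
    for line in mirror(parse_acl(SHOW_ACL)):
        print(line)
```

The parsed networks also show that the wildcard 0.0.1.255 on line 10 covers 192.168.20.0/23, that is, both 192.168.20.0/24 and 192.168.21.0/24.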

Version history: Revision 1 of 1
Last update: 06-22-2009 04:07 PM