Cisco Support Community
New Member

Adjusting crypto-interesting ACL on live L2L IPSEC tunnel

Hi All,

I need to put an additional host on the existing crypto-interesting ACL on a live tunnel with real-time traffic.

I have the remote-side network engineer to apply the same on their end.

My question is: will it interrupt the existing tunnel/traffic if we put additional hosts on the ACL simultaneously on both sides?

Thanks!

Accepted Solutions
Cisco Employee

Adjusting crypto-interesting ACL on live L2L IPSEC tunnel

Each permit entry in TS in ACL will generate its own IPsec SA.

There should be no impact on existing services - just pay extra attention not to introduce any overlap into ACLs.

A separate matter is that very often to update crypto map DB we sometimes need to remove and re-add crypto map configuration - which will cause traffic disruption.

Marcin
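
A pre-change check for the overlap caveat in the answer above, as an added example that is not part of the original thread: it parses the existing crypto ACL and reports any entry whose source and destination both overlap the entry about to be added. It assumes ASA-style `permit ip` lines with netmasks; the ACL name `L2L-ACL` and all addresses are constructed.

```python
import ipaddress

# Constructed sample config (ASA-style syntax is an assumption; names and addresses are made up).
EXISTING = """\
access-list L2L-ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list L2L-ACL extended permit ip host 10.1.5.10 host 10.2.9.20
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | NET MASK) and return an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_entry(line):
    """Return (src_net, dst_net) for a 'permit ip' ACE, or None for other lines."""
    tokens = line.split()
    if "permit" not in tokens:
        return None
    tokens = tokens[tokens.index("permit") + 1:]
    if not tokens or tokens.pop(0) != "ip":
        return None
    return _take_addr(tokens), _take_addr(tokens)

def find_overlaps(existing_cfg, new_line):
    """List existing ACEs whose source AND destination both overlap the new ACE."""
    new = parse_entry(new_line)
    if new is None:
        raise ValueError("not a 'permit ip' entry: " + new_line)
    hits = []
    for line in existing_cfg.splitlines():
        old = parse_entry(line)
        if old and old[0].overlaps(new[0]) and old[1].overlaps(new[1]):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    for cand in ("access-list L2L-ACL extended permit ip host 10.1.1.50 host 10.2.2.7",
                 "access-list L2L-ACL extended permit ip host 10.1.7.50 host 10.2.2.7"):
        print(cand, "->", find_overlaps(EXISTING, cand) or "no overlap")
```

Run the same check against the remote side's ACL before both ends apply the change.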
