Cisco Support Community

Changed Behavior for Crypto-Map-ACLs in IOS 15.2?

Hi all,

The following setup worked on IOS 15.0x:

crypto map VPN-INET 70 ipsec-isakmp
  set peer a.b.c.d
  set ip access-group VPN-TRAFFIC-DENY in
  set transform-set ESP-AES256-SHA
  match address VPN-XXXXX
!
interface GigabitEthernet0/0
  ip inspect FW out
  crypto map VPN-INET
!
ip access-list extended VPN-TRAFFIC-DENY
  deny   ip any any

The intention of this setup is to only allow connections that are initiated from the local network and CBAC should take care of the return-packets.

After an update to 15.2(4)M5, the behavior changed and although the VPN works as normal (encrypted and decrypted packets), no traffic is flowing back into the network.

In the documentation or the release notes I don't find any hint that something has to be changed in the configuration for 15.2. Did I miss something or is there a bug that breaks a function that worked perfectly fine before?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni       

