01-05-2012 08:58 AM
Hi,
I have set up a site-to-site VPN with an ASA 5510 (8.4) and a Cisco 2811. The tunnel is working fine; however, both sites have 5 different contiguous networks. The crypto ACL between sites states only one subnet.
Is it possible to state a summary address in an ACL rather than having five lines for the ACL?
The tunnel works when the router uses an ACL of 10.2.200.0 0.0.7.255; however, if a summary address of all the subnets on the inside network of the ASA is stated in an ACL - 10.1.200.0 255.255.248.0 - then the tunnel does not come up.
Is it possible to state a summary address on a crypto ACL on the ASA?
thanks,
Ash
01-05-2012 11:08 AM
Yes, you could just use the 10/8 as a crypto ACL.
01-05-2012 11:11 AM
Is it possible to state a summary address in an ACL rather than having five lines for the ACL? Yes.
Is it possible to state a summary address on a crypto ACL on the ASA? Yes.
What do you see when you enable debug for phase one and two?
Can you send the debug output on level 7?
thanks
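The following is an added example, not part of any post in this thread. The crypto ACLs on two IPsec peers are expected to mirror each other, and the ASA writes subnet masks where the IOS router writes wildcard masks, so this Python sketch normalises both forms and reports entries that have no mirror on the other side. The ACL names, numbers and the stale /24 entry are constructed sample data built from the addresses in the question.

```python
import ipaddress

def asa_net(addr, mask):
    # ASA ACLs take a subnet mask, e.g. 255.255.248.0.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def ios_net(addr, wildcard):
    # IOS ACLs take a wildcard mask, e.g. 0.0.7.255; invert it to a subnet mask.
    # A non-contiguous wildcard, or an address with host bits set, raises ValueError.
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverted)}", strict=True)

def parse_entry(line, to_net):
    # Handles only the "permit ip <net> <mask> <net> <mask>" form.
    src, smask, dst, dmask = line.split("permit ip", 1)[1].split()
    return to_net(src, smask), to_net(dst, dmask)

def mirror_report(asa_lines, ios_lines):
    asa = {parse_entry(l, asa_net) for l in asa_lines}
    # Swap source and destination so router entries read from the ASA's side.
    ios = {(dst, src) for src, dst in (parse_entry(l, ios_net) for l in ios_lines)}
    fmt = lambda pairs: [f"{s} -> {d}" for s, d in sorted(pairs)]
    return {"asa_only": fmt(asa - ios), "router_only": fmt(ios - asa)}

# Constructed sample entries (ACL name VPN-ACL and number 110 are assumptions).
ASA_ACL = [
    "access-list VPN-ACL extended permit ip 10.1.200.0 255.255.248.0 10.2.200.0 255.255.248.0",
]
ROUTER_MIRRORED = [
    "access-list 110 permit ip 10.2.200.0 0.0.7.255 10.1.200.0 0.0.7.255",
]
# Router still lists a single /24 for the ASA side while the ASA uses the /21 summary.
ROUTER_STALE = [
    "access-list 110 permit ip 10.2.200.0 0.0.7.255 10.1.200.0 0.0.0.255",
]

if __name__ == "__main__":
    print("mirrored:", mirror_report(ASA_ACL, ROUTER_MIRRORED))
    print("stale:   ", mirror_report(ASA_ACL, ROUTER_STALE))
```

An empty report means every entry on one peer has an exact mirror on the other; any listed entry is a traffic selector the remote side is not configured to match.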