I have setup a site to site VPN with an ASA 5510 (8.4) and a Cisco 2811. The tunnel is working fine, however both sites have 5 different contiguous networks. The crypto ACL between sites states only one subnet.
Is it possible to state a summary address in an ACL rather than having five lines for the ACL?
The tunnel works when the router uses an ACL of 10.2.200.0 0.0.7.255, however if a summary address of all the subnets on the inside network of the ASA are stated in an ACL - 10.1.200.0 255.255.248.0 - then the tunnel does not come up.
Is it possible to state a summary address on a crypto ACL on the ASA?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...