Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA Crypto ACL

Hi,

I have setup a site to site VPN with an ASA 5510 (8.4) and a Cisco 2811. The tunnel is working fine, however both sites have 5 different contiguous networks. The crypto ACL between sites states only one subnet.

Is it possible to state a summary address in an ACL rather than having five lines for the ACL?

The tunnel works when the router uses an ACL of 10.2.200.0 0.0.7.255, however if a summary address of all the subnets on the inside network of the ASA are stated in an ACL - 10.1.200.0 255.255.248.0 - then the tunnel does not come up.

Is it possible to state a summary address on a crypto ACL on the ASA?

thanks,

Ash

  • VPN
2 REPLIES

Re: Cisco ASA Crypto ACL

Yes, you could just use the 10/8 as a crypto acl.

Sent from Cisco Technical Support iPad App

Cisco ASA Crypto ACL

Is it possible to state a summary address in an ACL rather than having five lines for the ACL? Yes


Is it possible to state a summary address on a crypto ACL on the ASA? Yes.

What do you see, when enable debug for phase one and two?

Can you send the debug output on level 7.

thanks

770
Views
0
Helpful
2
Replies
This widget could not be displayed.