Cisco Support Community
New Member

Crypto ACLs in site-to-site VPN!

Hi all. I was caught up in a VPN issue and did a debug (debug cry ipsec). I discovered that there was a proxy mismatch. I have gone through different articles and docs but never read anywhere that routers in IPsec negotiation also exchange their crypto ACLs. Is that correct? Because I used a combination of masks on one router and could see exactly that mask in the debug on the other router. It seems that routers also exchange crypto ACLs?

Kindly confirm this point and, if possible, any Cisco doc that addresses this issue also.

1 REPLY
New Member

Re: Crypto ACLs in site-to-site VPN!

Hi,

The crypto ACLs are part of the IPSec Security Associations being established between the two peers. Cisco recommends that the crypto ACLs be mirrored on both peers. The following link elaborates:

http://www.cisco.com/en/US/docs/ios/12_1/security/configuration/guide/scdipsec.html#wp1001139

Please rate if helpful.
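As an added example (not part of the original thread or of any Cisco tool), the mirroring recommended above can be checked offline before a tunnel is brought up. The script below parses `permit ip <net> <wildcard> <net> <wildcard>` entries from two crypto ACLs and reports entries that have no mirror image on the other peer. The function names and both sample ACLs are constructed for illustration; `host` and `any` forms are outside its scope and are skipped.

```python
import ipaddress
import re

# Matches only the "permit ip <src> <wildcard> <dst> <wildcard>" form.
QUAD = r"((?:\d{1,3}\.){3}\d{1,3})"
ACE_RE = re.compile(r"permit\s+ip\s+" + r"\s+".join([QUAD] * 4))

def wildcard_to_network(addr, wildcard):
    """Convert an address plus IOS wildcard mask into an ip_network."""
    wild = int(ipaddress.IPv4Address(wildcard))
    if wild & (wild + 1):  # the set bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - bin(wild).count("1")
    return ipaddress.ip_network((addr, prefix), strict=False)

def proxy_ids(acl_text):
    """Return the set of (source, destination) networks in a crypto ACL."""
    ids = set()
    for line in acl_text.splitlines():
        m = ACE_RE.search(line)
        if m:
            src, sw, dst, dw = m.groups()
            ids.add((wildcard_to_network(src, sw), wildcard_to_network(dst, dw)))
    return ids

def mirror_mismatches(local_acl, peer_acl):
    """Compare the local ACL with the peer ACL after swapping source and destination.

    Returns (only_local, only_peer), both from the local router's point of view.
    Two empty lists mean the ACLs are exact mirror images.
    """
    local = proxy_ids(local_acl)
    peer_mirrored = {(dst, src) for src, dst in proxy_ids(peer_acl)}
    return sorted(local - peer_mirrored), sorted(peer_mirrored - local)

# Constructed sample ACLs: router B uses a /16 wildcard where router A uses a /24.
ROUTER_A_ACL = """
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
"""
ROUTER_B_ACL = """
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255
"""

if __name__ == "__main__":
    only_local, only_peer = mirror_mismatches(ROUTER_A_ACL, ROUTER_B_ACL)
    for src, dst in only_local:
        print(f"local entry without mirror on peer: {src} -> {dst}")
    for src, dst in only_peer:
        print(f"peer entry without mirror locally (as seen here): {src} -> {dst}")
```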
