Cisco Support Community

New Member

Help adding address to Tunnel ACL

We have a VPN tunnel set up and it's working fine for 172.16.1.40 to 192.168.15.0 and 192.168.100.0. I added 172.16.1.34 to the access-list but for some reason the ASA doesn't pass traffic from 172.16.1.34 through the tunnel. It is receiving traffic from 192.168.100.0 and 192.168.15.0, but won't initiate it from inside. Is there some trick to adding more addresses to the tunnel? The entry on the far end seems to be working, and I have made sure they match. Here is the config on my end:

crypto map outside_map 30 match address Tunnel_to_XXX

crypto map outside_map 30 set peer X.X.X.X

crypto map outside_map 30 set transform-set ESP-3DES-SHA

access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.15.0 255.255.255.0

access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.100.0 255.255.255.0

access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.15.0 255.255.255.0

access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.100.0 255.255.255.0

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Help adding address to Tunnel ACL

Hi,

Have you included the "172.16.1.34" address in your NAT 0 Statement to bypass NAT for IPSEC Traffic?

Regards,

Arul

*Pls rate if it helps*
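A check for the mismatch this answer points to, added here as an example and not part of the original thread: it lists every flow in the crypto ACL that no NAT 0 ACL entry covers. The crypto ACL lines are the ones from the question; the `nat (inside) 0 access-list` line, the interface name `inside` and the ACL name `inside_nat0_outbound` are assumptions, and only `permit ip` entries written as `host A`, `A MASK` or `any` are parsed.

```python
import ipaddress
import re

# Constructed sample: crypto ACL lines are the ones from the question; the NAT
# exemption lines (interface "inside", ACL "inside_nat0_outbound") are assumed.
SAMPLE_CONFIG = """\
crypto map outside_map 30 match address Tunnel_to_XXX
access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.15.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.40 192.168.100.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.15.0 255.255.255.0
access-list Tunnel_to_XXX extended permit ip host 172.16.1.34 192.168.100.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-list inside_nat0_outbound extended permit ip host 172.16.1.40 192.168.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 172.16.1.40 192.168.100.0 255.255.255.0
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")

def _take_net(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            tokens = m.group(2).split()
            acls.setdefault(m.group(1), []).append((_take_net(tokens), _take_net(tokens)))
    return acls

def missing_nat_exempt(config):
    """List crypto-ACL flows that no NAT 0 ACL entry covers."""
    acls = parse_acls(config)
    crypto = re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M)
    nat0 = re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    exempt = [ace for name in nat0 for ace in acls.get(name, [])]
    return [(str(s), str(d)) for name in crypto for s, d in acls.get(name, [])
            if not any(s.subnet_of(es) and d.subnet_of(ed) for es, ed in exempt)]

if __name__ == "__main__":
    for src, dst in missing_nat_exempt(SAMPLE_CONFIG):
        print(f"no NAT exemption: {src} -> {dst}")
```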


New Member

Re: Help adding address to Tunnel ACL

Good catch, thanks!
