Cisco Support Community

New Member

Interesting traffic not "any"

I have a VPN site to site with 2 PIXes, to get access to an ftp server. My side is a 506E 6.3(3).

If I permit ip as interesting traffic then the tunnel goes up and I can get access to the ftp server.

If I define three rules to define ftp, ftp-data, and TCP>1023 as interesting traffic, nothing happens. I show the access-list hit counts and all are 0.

Some help is needed, please.

Thx in advance,

Hector Miranda

IBM

Cisco Employee

Re: Interesting traffic not "any"

You can't use a port-specific access-list to define crypto traffic in a PIX; it has to be host-to-host, host-to-subnet or subnet-to-subnet traffic, not port-to-something.

Define your access-list as just "IP to the FTP server" and it'll work fine.

New Member

Re: Interesting traffic not "any"

Thank you for your answer. But the guys at the other side say they've been able to communicate over the tunnel with another kind of interesting traffic (in a lab situation). Could I send you a copy of my scenario and config file for the PIX 506E? In this way you can give me a definitive answer...

Hector Miranda

IBM
