Cisco Support Community

New Member

IPSec tunnel problem using access-list

I have an IPSec tunnel between my home router, which is a Cisco 2621, and a Cisco 7200 at work. The IPSec tunnel works fine if traffic originates from my home LAN segment towards my work. On the Cisco 7200 at work, I have an access-list "permit any to 10.1.1.0" to bring the tunnel up if a packet is destined for my home network, but it does not bring the tunnel up.

My question is: can I use access-list permit ip any to home_network to bring the tunnel up?

5 REPLIES
New Member

Re: IPSec tunnel problem using access-list

I usually just define the source and destination networks individually.

i.e.,

access-list permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255

Never had any trouble with it that way.

I don't know if you can't use "any", but I have never seen anyone else do it that way.
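Crypto access lists on two IPsec peers are normally written as mirror images of each other. The sketch below is an added example, not part of the reply above or of either poster's configuration: it parses `permit ip` entries and lists those on one peer that have no mirrored entry on the other. The ACL number 101 and the home-side entry are assumptions constructed for illustration; only the two work-side forms come from the thread.

```python
import ipaddress

# Constructed sample entries. ACL number 101 and the HOME line are assumed.
HOME = "access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255"
WORK_SPECIFIC = "access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255"
WORK_ANY = "access-list 101 permit ip any 10.1.1.0 0.0.0.255"

def parse_selector(tokens):
    """Consume one selector (any | host A | A WILDCARD) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 means /24.
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}")

def parse_crypto_acl(config):
    """Return (source, destination) networks for every 'permit ip' entry."""
    pairs = []
    for line in config.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue
        rest = tokens[tokens.index("permit") + 1:]
        if not rest or rest.pop(0) != "ip":
            continue
        src = parse_selector(rest)
        dst = parse_selector(rest)
        pairs.append((src, dst))
    return pairs

def unmirrored(local, remote):
    """Entries of the local ACL with no (dst, src) counterpart on the remote peer."""
    remote_pairs = set(parse_crypto_acl(remote))
    return [(s, d) for s, d in parse_crypto_acl(local) if (d, s) not in remote_pairs]

if __name__ == "__main__":
    for name, acl in (("specific", WORK_SPECIFIC), ("any", WORK_ANY)):
        gaps = unmirrored(acl, HOME)
        print(name, "mirrored" if not gaps else f"not mirrored: {gaps}")
```
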

New Member

Re: IPSec tunnel problem using access-list

I see what you're saying, and it works that way if you know what the source of the traffic is. For instance, if you are coming from the Internet looking for my webserver, you will hit the Cisco 7200 at work, which has an IPSec tunnel over my DSL to my home LAN, which is publicly routable address space I got from work.

On the Cisco 7200, I have an access-list which basically says if anything is destined towards my webserver or my class C, bring the IPSec tunnel up, but it does not bring the tunnel up.

New Member

Re: IPSec tunnel problem using access-list

Please, do you have any NAT configured on your router 2621 at home?

Gold

Re: IPSec tunnel problem using access-list

Have you implemented the firewall feature on the 2621 at home?

New Member

Re: IPSec tunnel problem using access-list

No, I have not. I really don't have any issue bringing the tunnel up from the Cisco 2621 to the 7200, but the other way around.
