L2L VPN Interesting traffic access-list

victor_87
Level 1

I have set up a test site-to-site VPN between two locations through Cisco ASA.

I am using an extended access-list to specify the interesting traffic.

Say the access-list is

permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0

The tunnel works well when I try to reach the 192.168.0.0 network, but what I have observed is that there is no "hit" seen on this particular access-list.

The tunnel is definitely working based on this access-list, but I don't see the HITCOUNT field of the access-list updated.

Could someone throw some light on this?

4 Replies

eddie.mitchell
Level 3

When you are viewing the access-list are you doing so via a 'show run/show conf' or are you doing a 'show access-list '?

Oh yeah, definitely using sh access-lists. I'm not a rookie.

When I set a VPN on a PIX 6.3 I do get the hits, but I am getting no hits on the ASA.

What software version are you running? I've got an ASA running 7.2(2) and I'm getting the hitcounts on my crypto ACLs.

I am definitely getting hits on my PIX 6.3 but nothing shows up on my ASA 7.2. I am getting a few hits on the crypto ACL when the tunnel is still in the formation stage. Nothing changes after the tunnel has fully formed.
