Cisco Support Community
New Member

Modifying ACL for interesting traffic, does it require me to clear ipsec sa

I already have a VPN tunnel set up - I would like to add another subnet to the interesting traffic. Once I add the IP / subnet to the ACL for interesting traffic - do I have to restart any negotiations between VPN peers?

2 REPLIES
Hall of Fame Super Blue

Re: Modifying ACL for interesting traffic, does it require me to

Each individual entry in your crypto map acl for interesting traffic creates a separate ipsec sa (2 actually, as ipsec sa's are unidirectional).

So no, you should not have to clear the existing ipsec sa.

Jon
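
An added configuration sketch (not part of the original posts) of the change discussed above, assuming Cisco IOS syntax. The ACL name `VPN-TRAFFIC` and all subnets are constructed placeholders.

```cisco
! Constructed example: ACL name and subnets are placeholders, not from the thread.
!
! Existing crypto ACL referenced by the crypto map ("match address VPN-TRAFFIC").
! One entry, so one pair of IPsec SAs (inbound + outbound) once traffic flows.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
!
! Add the new local subnet as a second entry. The first entry is not modified,
! so the SA pair already built for it stays up.
configure terminal
 ip access-list extended VPN-TRAFFIC
  permit ip 10.1.2.0 0.0.0.255 10.2.1.0 0.0.0.255
 end
!
! Confirm the crypto map now lists both entries.
show crypto map
!
! After traffic from 10.1.2.0/24 to 10.2.1.0/24 is sent, check the SAs.
! Each ACL entry appears as its own "local ident / remote ident" block with
! its own inbound and outbound SPI; the block for 10.1.1.0/24 keeps its
! existing SPIs.
show crypto ipsec sa
```

The SA pair for the new entry is only negotiated when matching traffic arrives, and the remote peer's crypto ACL needs the mirrored entry for that negotiation to succeed.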

New Member

Re: Modifying ACL for interesting traffic, does it require me to

Thanks Jon - I remember reading that they were unidirectional...but was not aware that each entry creates a separate sa...
