Cisco Support Community
Community Member

Problem with my VPN connection

I already have a VPN connection between two sites, and this VPN is working fine. The problem comes when I try to add any access list to this connection: the connection starts acting weird and I get many request timeouts. When I remove the access list or restart the PIX, everything goes back to working normally. I have no clue why this happens. By the way, I have a PIX firewall model 515E.

1 REPLY

Re: Problem with my VPN connection

Make sure that the ACL that allows traffic is not the same as the Crypto ACL that specifies the VPN networks.

The access ACL will permit traffic between the local network and remote network specified in the Crypto ACL. As well, the NAT 0 ACL will need to be identical to the Crypto ACL.

Example:

access-list CryptoACL permit ip 10.0.0.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list Nat0 permit ip 10.0.0.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list in_inside_interface permit tcp host 10.0.0.20 host 192.168.0.100 eq http

access-list in_inside_interface permit .....

access-list in_inside_interface permit .....

See http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Please rate if this helped.

Regards,

Daniel
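
An added example, not part of the original reply or Cisco's documentation: a small Python check that reads PIX configuration text and reports where the advice above is not followed (the interface ACL doubling as the crypto ACL, or NAT 0 entries that differ from the crypto ACL entries). The sample configuration is constructed; the crypto map name `vpnmap`, its sequence number and the function name `audit_acl_roles` are assumptions.

```python
import re

# Constructed sample PIX config. ACL names follow the reply above; the crypto
# map name "vpnmap" and sequence number 10 are assumptions for illustration.
SAMPLE_CONFIG = """\
access-list CryptoACL permit ip 10.0.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list Nat0 permit ip 10.0.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list in_inside_interface permit tcp host 10.0.0.20 host 192.168.0.100 eq http
nat (inside) 0 access-list Nat0
access-group in_inside_interface in interface inside
crypto map vpnmap 10 match address CryptoACL
"""

# Commands that bind an ACL name to a role.
ROLE_PATTERNS = {
    "crypto": re.compile(r"crypto map \S+ \d+ match address (\S+)"),
    "nat0": re.compile(r"nat \(\S+\) 0 access-list (\S+)"),
    "access": re.compile(r"access-group (\S+) in interface \S+"),
}

def audit_acl_roles(config):
    """Return findings where ACL usage departs from the advice in the reply."""
    entries = {}                                   # ACL name -> set of entries
    roles = {role: set() for role in ROLE_PATTERNS}
    for raw in config.splitlines():
        line = " ".join(raw.split())               # normalise whitespace
        if line.startswith("access-list "):
            _, name, *rest = line.split(" ")
            entries.setdefault(name, set()).add(" ".join(rest))
            continue
        for role, pattern in ROLE_PATTERNS.items():
            match = pattern.fullmatch(line)
            if match:
                roles[role].add(match.group(1))
    findings = []
    # 1. The interface (access) ACL must not double as the crypto ACL.
    for name in sorted(roles["crypto"] & roles["access"]):
        findings.append(f"{name}: bound as both crypto ACL and interface ACL")
    # 2. The NAT 0 entries must be identical to the crypto ACL entries.
    crypto = set().union(*(entries.get(n, set()) for n in roles["crypto"]))
    nat0 = set().union(*(entries.get(n, set()) for n in roles["nat0"]))
    for entry in sorted(crypto - nat0):
        findings.append(f"crypto ACL entry missing from NAT 0 ACL: {entry}")
    for entry in sorted(nat0 - crypto):
        findings.append(f"NAT 0 ACL entry not in crypto ACL: {entry}")
    return findings

if __name__ == "__main__":
    print(audit_acl_roles(SAMPLE_CONFIG) or "ACL roles are consistent")
```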
