Site to Site VPN traffic filter (ACL)

I had to edit an ACL on an active S2S VPN today because traffic was being denied from a host onsite to a host on the remote site (port 449). After I made the change, we tried to make the connection again, but it was still denied. Do we need to tear down the S2S VPN for the change to the ACL to take effect?

Also, what if we just wait for the connection to rekey itself?  Will it work after that?

TIA.

Dan


Site to Site VPN traffic filter (ACL)

Hi Dan,

Please use the "crypto ipsec sa peer xxxx.xxxx.xxxx.xxxx" command to renegotiate Phase II; it is the recommended action.

Let me know.

Please rate any post you find useful.

Re: Site to Site VPN traffic filter (ACL)

Hi Dan,

Kindly use the 'clear crypto sa peer a.b.c.d' command. Make sure you've got a 'mirrored' crypto ACL on both ends of the VPN. Also, make use of the 'debug crypto' commands to dig deeper.

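The second reply's advice to keep the crypto ACL "mirrored" on both ends can be checked offline. The following is an added example, not code from the thread or from Cisco: it assumes ASA-style `access-list NAME extended ...` lines, and the ACL names, addresses and config snippets are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not from the thread): site A has one extra entry.
SITE_A = """
access-list VPN-TO-B extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN-TO-B extended permit ip host 10.1.5.10 10.2.2.0 255.255.255.0
"""
SITE_B = """
access-list VPN-TO-A extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
"""

def parse_endpoint(tokens):
    """Consume one source/destination spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address netmask" pair; strict=False tolerates host bits in the address
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]

def parse_crypto_acl(config_text, acl_name):
    """Return the set of (action, protocol, source, destination) entries."""
    entries = set()
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:3] != ["access-list", acl_name, "extended"]:
            continue  # other ACLs, remarks, blank lines
        action, proto, rest = tokens[3], tokens[4], tokens[5:]
        src, rest = parse_endpoint(rest)
        dst, rest = parse_endpoint(rest)
        entries.add((action, proto, src, dst))
    return entries

def mirror_mismatches(local, remote):
    """Compare local entries with the remote entries after swapping src/dst."""
    mirrored = {(a, p, d, s) for (a, p, s, d) in remote}
    fmt = lambda e: f"{e[0]} {e[1]} {e[2]} -> {e[3]}"
    return {
        "missing_on_remote": sorted(fmt(e) for e in local - mirrored),
        "missing_on_local": sorted(fmt(e) for e in mirrored - local),
    }

if __name__ == "__main__":
    local = parse_crypto_acl(SITE_A, "VPN-TO-B")
    remote = parse_crypto_acl(SITE_B, "VPN-TO-A")
    print(mirror_mismatches(local, remote))
```

Both lists are reported in the local site's orientation, so an entry under `missing_on_remote` is the line whose source/destination-swapped counterpart needs to exist in the peer's ACL.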