
site-to-site vpn with public ip inside

I configured a site-to-site VPN with private IP inside and it functions properly. Then I tested it with public IP inside and I got an error message:

IPSEC (sa_initiate) : ACL = no sa created

The only thing that I have changed is the access-list command

access-list 100 permit ip 10.10.10.0 255.255.255.0 10.10.11.0 255.255.255.0

to

access-list 100 permit ip 111.111.111.0 255.255.255.0 200.200.200.0 255.255.255.0

and the IP address at the inside interfaces.

I use 3DES, SHA, DH=1 and PSK for phase1 and 3DES, SHA for phase2

What's going wrong?

Regards

Helmut

1 REPLY

Re: site-to-site vpn with public ip inside

Can you post your config? If you are using a public routable address to terminate the tunnel, then the crypto map needs to be applied to the external interface.
