Re: [fw-wiz] asa 5505 vpn ipsec l2l problem
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Fri, 2 Oct 2009 12:05:54 -0400
and when i'm applying acl in crypto map
crypto map abcMap 1 match address acl
i'm getting this log:
Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead
i don't have any debug messages (debug crypto ipsec 100) google it but haven't found
any answer.
thank you for your answers!
acl
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data
You can only use 'permit ip' in an access-list used for crypto map match,
and your access-list is set to use tcp.
If you need to filter VPN traffic down to the port and protocol level, use
the access-list applied to the outside interface, not the access-list
applied to the VPN tunnel's crypto map.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
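An added example, not part of the original thread or of Paul's reply: a Python script that derives the 'permit ip' crypto-map ACL described in the reply from the port-level ACL posted in the question. The ACL name vpn-crypto and the function names are hypothetical; it assumes well-formed host / any / network-mask entries and skips deny and object-group lines.

```python
# ACL from the question (spacing normalised); used here as sample input.
PORT_ACL = """\
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data
"""

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count


def _take_address(tokens):
    """Pop one address spec: 'host A', 'any', or 'NETWORK MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return "any"
    second = tokens.pop(0)
    return f"{first} {second}"  # 'host A' and 'NETWORK MASK' both take two tokens


def _skip_port(tokens):
    """Drop an optional port qualifier such as 'eq ftp' or 'range 20 21'."""
    if tokens and tokens[0] in PORT_OPS:
        del tokens[: 1 + PORT_OPS[tokens[0]]]


def crypto_acl(config, name="vpn-crypto"):
    """Return deduplicated 'permit ip' entries, one per source/destination pair."""
    seen, out = set(), []
    for line in config.splitlines():
        tokens = line.split()
        # Only 'access-list NAME extended permit PROTO SRC DST ...' lines are handled.
        if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2:4] != ["extended", "permit"]:
            continue
        rest = tokens[5:]   # everything after the protocol keyword
        src = _take_address(rest)
        _skip_port(rest)    # source port, as in the 'eq ftp host ...' entry
        dst = _take_address(rest)
        if (src, dst) not in seen:
            seen.add((src, dst))
            out.append(f"access-list {name} extended permit ip {src} {dst}")
    return out


if __name__ == "__main__":
    print("\n".join(crypto_acl(PORT_ACL)))
    print("crypto map abcMap 1 match address vpn-crypto")
```

The eight port-level entries collapse to six host-pair entries for the crypto map; the original tcp entries remain available for the interface access-list that the reply recommends for port and protocol filtering.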
- References:
- [fw-wiz] asa 5505 vpn ipsec l2l problem
- From: Hrvoje Popovski