Re: [fw-wiz] asa 5505 vpn ipsec l2l problem



and when I'm applying acl in crypto map
crypto map abcMap 1 match address acl
I'm getting this log:
Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead

I don't have any debug messages (debug crypto ipsec 100). I googled it but
haven't found any answer.

Thank you for your answers!

acl
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data


You can only use 'permit ip' in an access-list used for crypto map match,
and your access-list is set to use tcp.

If you need to filter VPN traffic down to the port and protocol level, use
the access-list applied to the outside interface, not the access-list
applied to the VPN tunnel's crypto map.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
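
One way to check a saved configuration against the rule stated in the reply above, as an added example that is not part of the original thread: it finds every ACL referenced by a `crypto map ... match address` line, flags entries whose protocol is not `ip`, and proposes the de-duplicated `permit ip` host-pair entries. The sample configuration is constructed in the style of the posted ACL; the function name `audit_crypto_acls` and the ACL name `outside_in` are hypothetical.

```python
import re

# Constructed sample in the style of the posted config (not the poster's full config).
SAMPLE_CONFIG = """\
crypto map abcMap 1 match address acl
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit ip host 192.168.11.12 host 10.1.100.13
access-list outside_in extended permit tcp any host 192.168.11.11 eq 4000
"""

CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)\s*$")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (.*)$")
# Address forms handled: "host A", "any", "net mask". Object-groups are skipped.
ADDR_RE = re.compile(r"host \S+|\bany[46]?\b|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+")


def audit_crypto_acls(config):
    """Return (findings, suggestions) for ACLs used as crypto map match addresses."""
    lines = [line.strip() for line in config.splitlines()]
    crypto_acls = {}  # ACL name -> (crypto map name, sequence number)
    for line in lines:
        m = CRYPTO_RE.match(line)
        if m:
            crypto_acls[m.group(3)] = (m.group(1), int(m.group(2)))

    findings, suggestions = [], []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in crypto_acls:
            continue  # not an ACE, or an ACL that no crypto map references
        name, action, proto, rest = m.groups()
        if proto == "ip":
            continue  # already in the form the reply asks for
        findings.append((crypto_acls[name], proto, line))
        addrs = ADDR_RE.findall(rest)  # source and destination, ports dropped
        if len(addrs) == 2:
            fixed = f"access-list {name} extended {action} ip {addrs[0]} {addrs[1]}"
            if fixed not in suggestions:  # several port rules collapse to one pair
                suggestions.append(fixed)
    return findings, suggestions


if __name__ == "__main__":
    found, fixes = audit_crypto_acls(SAMPLE_CONFIG)
    for (cmap, seq), proto, ace in found:
        print(f"{cmap} {seq}: protocol '{proto}' in crypto ACL: {ace}")
    print("\n".join(fixes))
```

The port-level rules that drop out of the crypto ACL are the ones the reply says to enforce with the access-list applied to the outside interface.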