On 14/01/2013 18:38, false wrote: > I'm pretty sure I remember doing it this way several years ago. What changes > need to be made to allow these multiple crypto maps and using just one crypto > map tag on fa0/1 (isp interface)?
This looks wrong: >>>> access-list 141 permit gre any any When the crypto map is evaluated, it may be getting confused with vpnmap 10 which evaluates access-list 141, which contains a catch-all for all gre traffic. You should specify only the traffic to be encrypted in this access list (and in 131), not the encapsulating traffic. Nick _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
