Hi, I have just set up an IPsec tunnel between two routers and am tunneling a source address of 192.168.50.1 going to a host on router B, 172.x.x.x/24. Everything works with the current configs given below. But I want to change ACL 101 on router B from using a class A mask to something like a class C mask or even a host address. I have changed ACL 101 and even added a deny ip any any log to the end to see what is being dropped. The VPN tunnel doesn't come up unless I use a class A mask like shown below. I know this is an ACL but it is being used for matching traffic; do they work differently and not support host addresses?
Thanks
Ian

Here is the config of router A:

!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco address 10.10.10.10
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set TEST
 match address 101
access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255

Here is the config of router B:

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key password address 10.10.10.20
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.20
 set transform-set TEST
 match address 101
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71341&t=71341
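Added example, not part of the original post and not Cisco code: a small Python check that parses the two routers' access-list 101 entries, tests whether a given flow is selected for encryption on each side, and lists entries that have no source/destination-swapped counterpart on the peer (Cisco's IPsec documentation recommends that the crypto ACLs on the two peers mirror each other). The 172.16.1.x addresses and the narrowed router B entry are constructed for illustration, since the post only gives 172.x.x.x.

```python
import ipaddress

# ACL 101 entries as posted above (router A, router B).
ROUTER_A = """\
access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
"""
ROUTER_B = """\
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20
"""
# Constructed: router B narrowed to a /24 and a host while router A is left alone.
ROUTER_B_NARROW = """\
access-list 101 permit ip 172.16.1.0 0.0.0.255 host 192.168.50.1
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take(tok):
    """Consume 'any', 'host X' or 'X WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_ip(tok.pop(0)), 0)
    wild = _ip(tok.pop(0))
    return (_ip(first) & ~wild & 0xFFFFFFFF, wild)  # clear the don't-care bits

def parse_acl(text, number="101"):
    """Return [(src, dst)] for each 'permit ip' line of the numbered ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:4] == ["access-list", number, "permit", "ip"]:
            rest = tok[4:]
            src = _take(rest)  # source first, then destination
            entries.append((src, _take(rest)))
    return entries

def selects(entries, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches some permit entry."""
    def hit(spec, ip):
        return (_ip(ip) & ~spec[1] & 0xFFFFFFFF) == spec[0]
    return any(hit(s, src_ip) and hit(d, dst_ip) for s, d in entries)

def unmirrored(local, remote):
    """Entries of local that have no source/destination-swapped twin in remote."""
    return [(s, d) for s, d in local if (d, s) not in remote]
```

Calling unmirrored(parse_acl(ROUTER_A), parse_acl(ROUTER_B_NARROW)) returns both of router A's entries, showing that a narrowed entry on router B has no counterpart unless router A's ACL 101 is narrowed to match.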

