Did you mean access-list 120, as opposed to access-list 20? If you have a crypto map applied to an interface, and remove the ACL associated with the crypto map, you get the same results as if you deleted an interface-applied ACL without removing the application- IOS assumes the null ACL is a deny any (or encrypt everything), and you will stone up traffic on that interface.
Good real-world lesson- it won't matter in the lab because (I assume) everything is direct console access- but if you're accessing a customer router in-band from its outside interface, remove the crypto map from the interface if you're modifying tunnels, otherwise you'll be calling him/her to reboot it :-) ----- Original Message ----- From: "pat" To: ; Sent: Tuesday, May 21, 2002 12:00 AM Subject: problem with crypto access list !!! > I am trying to set up site to site tunnel between > cisco routers. I am having problem with crypto access > list on remote outers. I am configrung access-list 120 > & crypto commands as follows > > > crypto isakmp policy 10 > authentication pre-share > crypto isakmp key ****** address XX.XX.XX.XX > ! > ! > crypto ipsec transform-set test esp-3des esp-md5-hmac > ! > crypto map test 20 ipsec-isakmp > set peer XX.XX.XX.XX > set transform-set test > match address 120 > > > access-list 120 permit ip 10.55.1.0 0.0.0.255 > 10.54.1.0 0.0.0.255 > > > I have acess to remote routers through telnet over the > internet. List 20 is in no way related to my access. > But when I try to remove access-list 20 i loose my > telnet session & can't ping it either. This happened > on multiple remote routers. I am using > IOS (tm) C2600 Software (C2600-IK9O3S-M), Version > 12.2(3), RELEASE SOFTWARE (fc1) > > In ideas why this is happening ? > > Thank you all, > Pat > > > __________________________________________________ > Do You Yahoo!? > LAUNCH - Your Yahoo! Music Experience > http://launch.yahoo.com > __________________________________________________________________ > To unsubscribe from the SECURITY list, send a message to > [EMAIL PROTECTED] with the body containing: > unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44606&t=44606 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
