Thanks Alfredo. That helped. IT works now. Just needed to remove crypto map before access-list.
--- Alfredo Pulido wrote: > You will solve this problem if you first remove the > "crypto map xxx" in the > interface where you attach this "crypto map xxx", > then you can remove > access-list or change configuration in the crypto > map,etc. When you finish > the reconfiguration, you put again the "crypto map" > in the correct > interface. > > > Hope this help. > > > > -- > -- > Alfredo Pulido [EMAIL PROTECTED] > CCDA > Dept. Sistemas, IdecNet S.A. > Juan XXIII 44 // E-35004 Las Palmas de Gran > Canaria, > Las Palmas // SPAIN > Tel: +34 828 111 000 Fax: +34 828 111 112 > http://www.idecnet.com/ > -- > ""Jim Gillen"" escribis en el mensaje > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Pat > > > > Some comments: > > > > 1. For IPSec to work the access list at the other > end for the crypto map > > priority that is matched in the SA must be the > mirror of yours ie. > > > > access-list 120 permit ip 10.54.1.0 0.0.0.255 > > 10.55.1.0 0.0.0.255 > > > > 2. issue a "sh crypto ipsec sa" command with the > access list still active > and > > the with the access list deleted. The output of > this command will tell you > if > > any IPSec connections have been formed. > > > > 3. Try a "debug crypto isakmp" and "debug crypto > ipsec" and apply the > crypto > > map to the interface and watch the debug output. > Example outputs are on > the > > CCO... > > > > > > 3. Is this same access list applied to the > interface you telnet to the > other > > router in such a way that removing it leaves a > deny any any on that > interface > > ( I assume the access list 20 you refer to is > actually access list 120)? > > > > Hope this helps. > > > > > > > > > > > > Cheers > > > > Jim Gillen > > > > Snr Communications Engineer > > AUSTRAC > > > > Ph: 9950 0842 > > Fax: 9950 0074 > > > > > > > > >>> pat 21/05/02 14:00:38 >>> > > This message has been scanned by MAILSweeper. > > > ************************************************************ > > > > I am trying to set up site to site tunnel between > > cisco routers. I am having problem with crypto > access > > list on remote outers. I am configrung access-list > 120 > > & crypto commands as follows > > > > > > crypto isakmp policy 10 > > authentication pre-share > > crypto isakmp key ****** address XX.XX.XX.XX > > ! > > ! > > crypto ipsec transform-set test esp-3des > esp-md5-hmac > > ! > > crypto map test 20 ipsec-isakmp > > set peer XX.XX.XX.XX > > set transform-set test > > match address 120 > > > > > > access-list 120 permit ip 10.55.1.0 0.0.0.255 > > 10.54.1.0 0.0.0.255 > > > > > > I have acess to remote routers through telnet over > the > > internet. List 20 is in no way related to my > access. > > But when I try to remove access-list 20 i loose my > > telnet session & can't ping it either. This > happened > > on multiple remote routers. I am using > > IOS (tm) C2600 Software (C2600-IK9O3S-M), Version > > 12.2(3), RELEASE SOFTWARE (fc1) > > > > In ideas why this is happening ? > > > > Thank you all, > > Pat > > > > > > __________________________________________________ > > Do You Yahoo!? > > LAUNCH - Your Yahoo! Music Experience > > http://launch.yahoo.com > > > __________________________________________________________________ > > To unsubscribe from the SECURITY list, send a > message to > > [EMAIL PROTECTED] with the body containing: > > unsubscribe SECURITY > > > > > > > ********************************************************************** > > This email and any files transmitted with it are > confidential and > > intended solely for the use of the individual or > entity to whom they > > are addressed. If you have received this email in > error please notify > > the system manager. > > > > This footnote also confirms that this email > message has been swept by > > MIMEsweeper for the presence of computer viruses. > > > > www.mimesweeper.com > > > ********************************************************************** [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44917&t=44598 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
