
vpn site-to-site issues with a cisco asa

It might be getting confused by the extended ACL you are using for the crypto map. Try using a regular ACL and apply that ACL to the outbound VLAN.

Not a bad idea, but I do need to specify source and destination address, which you can only do source if I recall.
 
Yes, on the interface that you wanted the crypto map on, then you are supposed to do the same on the other device. Well, that's the way I've ever known.
 
It might be getting confused by the extended ACL you are using for the crypto map. Try using a regular ACL and apply that ACL to the outbound VLAN.

HAH. Just entered a standard ACL. And when I tried to match the crypto map to it, it says access-list should be of type extended.
 
:banghead: Ugh!!! I changed the ACL from outbound_tunnel to a number, 101. AND IT WORKED!!!!!!! I could connect and everything. So to solve the original problem I tried power cycling WITHOUT SAVING THE CONFIG. So I set it to a numbered ACL, but it still won't establish. Just says received encrypted packet with no matching SA, dropping.
 
Sounds like the Cisco IOS is being picky in the extended ACLs.
 
Yeah, definitely. I'd go as far as to say that's a bug. The guides I followed, some used a number, others had a name. Just didn't think much of it; searching on the Cisco support forums I found a suggestion for that.
 