Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Crypto map address matching

Thread Tools

Crypto map address matching

professorguy professorguy is offline
Join Date: Sep 2006
Posts: 39
I have a firewall that has a site-to-site VPN connection. Boiled down, it looks like this:

access-list list1 permit ip host host
access-list list2 permit ip host host

crypto map cm 10 match address list1
crypto map cm 20 match address list2

When I try to connect my machine to, the crypto map seems to use the list1 access-list. I can see the hitcount go up on the list1 access-list but the list2 access-list stays stubbornly at 0.

The crypto maps only match on the source?!? How can one server connect to several different endpoints?

Thanks in advance for shedding some light here.

Reply With Quote
swapnendu swapnendu is offline
Join Date: Sep 2006
Posts: 57
have u configured two separate tunnels on the PIX ? it'll be easier to troubleshoot if u post the VPN configuration part along with the NO NAT ACLS...
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX 7.2: no crypto map matching problem Markus Marquardt Cisco 0 07-09-2009 03:08 PM
VPN on ASA - No Matching Crypto Map Entry Cisco 1 10-24-2007 10:30 PM
vpn on asa - no matching crypto map entry problem anonymous Cisco 1 04-28-2006 02:20 PM
Remove crypto map Aaron Cisco 1 06-09-2004 07:30 PM
BGP and crypto map Dave Enenkel Cisco 6 11-19-2003 08:48 AM