Crypto map address matching

professorguy · 09-15-2006

I have a firewall that has a site-to-site VPN connection. Boiled down, it looks like this:

----------------------
access-list list1 permit ip host 10.1.1.1 host 1.1.1.1
access-list list2 permit ip host 10.1.1.1 host 2.2.2.2

crypto map cm 10 match address list1
...
crypto map cm 20 match address list2
----------------------

When I try to connect my 10.1.1.1 machine to 2.2.2.2, the crypto map seems to use the list1 access-list. I can see the hitcount go up on the list1 access-list but the list2 access-list stays stubbornly at 0.

The crypto maps only match on the source?!? How can one server connect to several different endpoints?

Thanks in advance for shedding some light here.

><professorguy

swapnendu · 09-16-2006

have u configured two separate tunnels on the PIX ? it'll be easier to troubleshoot if u post the VPN configuration part along with the NO NAT ACLS...

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PIX 7.2: no crypto map matching problem	Markus Marquardt	Cisco	0	07-09-2009 03:08 PM
VPN on ASA - No Matching Crypto Map Entry	uberGeekk@gmail.com	Cisco	1	10-24-2007 10:30 PM
vpn on asa - no matching crypto map entry problem	anonymous	Cisco	1	04-28-2006 02:20 PM
Remove crypto map	Aaron	Cisco	1	06-09-2004 07:30 PM
BGP and crypto map	Dave Enenkel	Cisco	6	11-19-2003 08:48 AM