Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Crypto map address matching

Reply
Thread Tools

Crypto map address matching

 
 
professorguy professorguy is offline
Member
Join Date: Sep 2006
Posts: 39
 
      09-15-2006
I have a firewall that has a site-to-site VPN connection. Boiled down, it looks like this:

----------------------
access-list list1 permit ip host 10.1.1.1 host 1.1.1.1
access-list list2 permit ip host 10.1.1.1 host 2.2.2.2

crypto map cm 10 match address list1
...
crypto map cm 20 match address list2
----------------------

When I try to connect my 10.1.1.1 machine to 2.2.2.2, the crypto map seems to use the list1 access-list. I can see the hitcount go up on the list1 access-list but the list2 access-list stays stubbornly at 0.

The crypto maps only match on the source?!? How can one server connect to several different endpoints?

Thanks in advance for shedding some light here.

><professorguy
 
Reply With Quote
 
 
 
 
swapnendu swapnendu is offline
Member
Join Date: Sep 2006
Posts: 57
 
      09-16-2006
have u configured two separate tunnels on the PIX ? it'll be easier to troubleshoot if u post the VPN configuration part along with the NO NAT ACLS...
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX 7.2: no crypto map matching problem Markus Marquardt Cisco 0 07-09-2009 03:08 PM
VPN on ASA - No Matching Crypto Map Entry uberGeekk@gmail.com Cisco 1 10-24-2007 10:30 PM
vpn on asa - no matching crypto map entry problem anonymous Cisco 1 04-28-2006 02:20 PM
Remove crypto map Aaron Cisco 1 06-09-2004 07:30 PM
BGP and crypto map Dave Enenkel Cisco 6 11-19-2003 08:48 AM



Advertisments