Crypto map address matching

Discussion in 'Cisco' started by professorguy, Sep 15, 2006.

  1. professorguy

    professorguy

    Joined:
    Sep 15, 2006
    Messages:
    39
    I have a firewall that has a site-to-site VPN connection. Boiled down, it looks like this:

    ----------------------
    access-list list1 permit ip host 10.1.1.1 host 1.1.1.1
    access-list list2 permit ip host 10.1.1.1 host 2.2.2.2

    crypto map cm 10 match address list1
    ...
    crypto map cm 20 match address list2
    ----------------------

    When I try to connect my 10.1.1.1 machine to 2.2.2.2, the crypto map seems to use the list1 access-list. I can see the hitcount go up on the list1 access-list but the list2 access-list stays stubbornly at 0.

    The crypto maps only match on the source?!? How can one server connect to several different endpoints?

    Thanks in advance for shedding some light here.

    ><professorguy
     
    professorguy, Sep 15, 2006
    #1
    1. Advertising

  2. professorguy

    swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    have u configured two separate tunnels on the PIX ? it'll be easier to troubleshoot if u post the VPN configuration part along with the NO NAT ACLS...
     
    swapnendu, Sep 16, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave Enenkel

    BGP and crypto map

    Dave Enenkel, Nov 10, 2003, in forum: Cisco
    Replies:
    6
    Views:
    1,018
    Dave Enenkel
    Nov 19, 2003
  2. anonymous
    Replies:
    1
    Views:
    104,366
    anonymous
    Apr 28, 2006
  3. Jarek Jarzebowski

    BGP - route-map matching clients IP.

    Jarek Jarzebowski, Sep 5, 2006, in forum: Cisco
    Replies:
    2
    Views:
    702
    Jarek Jarzebowski
    Sep 6, 2006
  4. uberGeekk@gmail.com

    VPN on ASA - No Matching Crypto Map Entry

    uberGeekk@gmail.com, Oct 24, 2007, in forum: Cisco
    Replies:
    1
    Views:
    8,843
    Walter Roberson
    Oct 24, 2007
  5. Markus Marquardt

    PIX 7.2: no crypto map matching problem

    Markus Marquardt, Jul 9, 2009, in forum: Cisco
    Replies:
    0
    Views:
    1,110
    Markus Marquardt
    Jul 9, 2009
Loading...

Share This Page