VPN to Three Sites, getting issues with one. Please audit config.

Discussion in 'Cisco' started by Evolution, Dec 15, 2005.

  1. Evolution

    Evolution Guest

    Does anyone see anything wrong with this config?
    access-list 100 permit ip 172.16.133.0 255.255.255.0 192.168.168.0
    255.255.255.0
    access-list 100 permit ip 172.16.133.0 255.255.255.0 172.16.135.0
    255.255.255.0
    access-list 110 permit ip 172.16.133.0 255.255.255.0 192.168.168.0
    255.255.255.0
    access-list 130 permit ip 172.16.133.0 255.255.255.0 172.16.135.0
    255.255.255.0
    access-list 140 permit ip host 24.43.199.10 10.1.0.0 255.255.0.0
    access-list 140 permit ip host 24.43.199.10 host 192.168.200.10
    access-list 140 permit ip host 24.43.199.10 10.10.10.0 255.255.255.0
    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto map mymap 10 ipsec-isakmp
    crypto map mymap 10 match address 140
    crypto map mymap 10 set peer 64.115.172.99
    crypto map mymap 10 set transform-set myset
    crypto map mymap 20 ipsec-isakmp
    crypto map mymap 20 match address 110
    crypto map mymap 20 set peer 64.115.182.84
    crypto map mymap 20 set transform-set myset
    crypto map mymap 30 ipsec-isakmp
    crypto map mymap 30 match address 130
    crypto map mymap 30 set peer 66.40.19.2
    crypto map mymap 30 set transform-set myset
    crypto map mymap interface outside
    isakmp enable outside
    isakmp key ******** address 64.115.172.99 netmask 255.255.255.255
    isakmp key ******** address 64.115.182.84 netmask 255.255.255.255
    isakmp key ******** address 66.40.19.2 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400


    I can establish tunnels to 20 and 30, but get ACL errors with 10...not
    sure what the problem could be. Please audit this config. Thanks!

    -rws
    Evolution, Dec 15, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Doug Fox
    Replies:
    5
    Views:
    1,275
    Moe Trin
    Nov 28, 2005
  2. -pau.fr
    Replies:
    0
    Views:
    708
    -pau.fr
    Oct 29, 2006
  3. Replies:
    0
    Views:
    1,021
  4. john
    Replies:
    0
    Views:
    592
  5. Harry Stottle
    Replies:
    0
    Views:
    1,000
    Harry Stottle
    Jan 5, 2010
Loading...

Share This Page