Pat

Some comments:

1. For IPSec to work, the access list at the other end for the crypto map
priority that is matched in the SA must be the mirror of yours, i.e.

access-list 120 permit ip 10.54.1.0 0.0.0.255 10.55.1.0 0.0.0.255

2. Issue a "sh crypto ipsec sa" command with the access list still active and
then with the access list deleted. The output of this command will tell you if
any IPSec connections have been formed.

3. Try a "debug crypto isakmp" and "debug crypto ipsec" and apply the crypto
map to the interface and watch the debug output. Example outputs are on the
CCO...


4. Is this same access list applied to the interface you telnet to the other
router in such a way that removing it leaves a deny any any on that interface
(I assume the access list 20 you refer to is actually access list 120)?

Hope this helps.





Cheers

Jim Gillen

Snr Communications Engineer
AUSTRAC

Ph:   9950 0842
Fax:  9950 0074



>>> pat  21/05/02 14:00:38 >>>

I am trying to set up a site-to-site tunnel between
Cisco routers. I am having a problem with the crypto access
list on remote routers. I am configuring access-list 120
& crypto commands as follows


crypto isakmp policy 10
 authentication pre-share
crypto isakmp key ****** address XX.XX.XX.XX
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
!
crypto map test 20 ipsec-isakmp
 set peer XX.XX.XX.XX
 set transform-set test
 match address 120


access-list 120 permit ip 10.55.1.0 0.0.0.255 10.54.1.0 0.0.0.255


I have access to remote routers through telnet over the
Internet. List 20 is in no way related to my access.
But when I try to remove access-list 20 I lose my
telnet session & can't ping it either. This happened
on multiple remote routers. I am using
IOS (tm) C2600 Software (C2600-IK9O3S-M), Version
12.2(3), RELEASE SOFTWARE (fc1)

Any ideas why this is happening?

Thank you all,
Pat
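
Added example (not part of the original thread, and not Cisco code): a small Python check of the mirror requirement in point 1 of the reply, which parses the crypto access list from each end and reports any entry that has no swapped counterpart on the other side. The function names and the unmirrored peer sample are assumptions made for illustration; the two 120 entries are the ones quoted in the thread.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = ipaddress.ip_address(tokens.pop(0))
    # A wildcard mask is the inverted netmask; non-contiguous ones raise ValueError.
    netmask = ipaddress.ip_address(int(wildcard) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)

def parse_crypto_acl(config, number):
    """Return the set of (protocol, source, destination) permit entries of one ACL."""
    entries = set()
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[:3] != ["access-list", str(number), "permit"]:
            continue
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.add((tokens[3], src, dst))
    return entries

def mirror_mismatches(local, remote):
    """Return (entries the remote ACL lacks, entries the local ACL lacks)."""
    def flip(entry):
        proto, src, dst = entry
        return (proto, dst, src)
    return ({flip(e) for e in local} - remote, {flip(e) for e in remote} - local)

# Pat's end, as posted in the thread.
PAT_SIDE = "access-list 120 permit ip 10.55.1.0 0.0.0.255 10.54.1.0 0.0.0.255"
# Peer end, mirrored as in point 1 of the reply.
PEER_SIDE = "access-list 120 permit ip 10.54.1.0 0.0.0.255 10.55.1.0 0.0.0.255"
# Constructed mistake: Pat's entry copied to the peer without swapping the subnets.
PEER_COPIED = PAT_SIDE

if __name__ == "__main__":
    local = parse_crypto_acl(PAT_SIDE, 120)
    for name, text in (("mirrored", PEER_SIDE), ("copied", PEER_COPIED)):
        need_remote, need_local = mirror_mismatches(local, parse_crypto_acl(text, 120))
        print(name, "OK" if not (need_remote or need_local) else "MISMATCH")
        for proto, src, dst in sorted(need_remote, key=str):
            print("  peer ACL is missing: permit", proto, src, dst)
```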






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44598&t=44598