IPsec configuration
| wimpie 2003-08-18, 3:21 pm |
| Hi,
I was playing around with 2 Cisco routers with an IPsec IOS installed, and wanted to configure them so they can encrypt the telnet traffic to each other. I was having difficulties with the ACL, and the router came back with the following error message:
1:09:33: %CRYPTO-4-RECVD_PKT_INV_IDENTITY_ACL: ipsec check access: identity not allowed by ACL
I checked out the Cisco website and there they said that other traffic was being passed also by the SA ....
I added a rule in the ACL which would encrypt ICMP traffic also, and this worked fine, so my configuration is ok.
Question: Does anybody know what extra traffic he's putting in the SA when you do a telnet?
regards
wim | |
| ZacDogg 2003-08-21, 4:23 am |
| Are both of the access-lists referenced by the crypto-maps configured to encrypt identical traffic? | |
| wimpie 2003-08-21, 2:33 pm |
| Yes,
and the encryption rule for the ICMP traffic is also included in the same access-list:
Extended IP access list 101
permit tcp host 200.0.0.202 host 200.0.0.200 eq telnet
permit tcp host 200.0.0.200 host 200.0.0.202 eq telnet
permit icmp host 200.0.0.200 host 200.0.0.202
I tried with this ACL but it's not functioning.
thx
Wim |
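
The entries of access list 101 as posted, evaluated against the packets of a telnet session between the two hosts. This is an added example, not part of any poster's message; it models only the entry forms shown in the post, and the packets and the client port 11000 are constructed. It shows that "eq telnet" placed after the destination address matches destination port 23 only, so packets sent back from source port 23 match none of the entries.

```python
# Added example: which telnet-session packets do the posted ACL 101 entries match?
ACL_101 = """\
permit tcp host 200.0.0.202 host 200.0.0.200 eq telnet
permit tcp host 200.0.0.200 host 200.0.0.202 eq telnet
permit icmp host 200.0.0.200 host 200.0.0.202
"""
PORTS = {"telnet": 23}
EPHEMERAL = 11000  # constructed client-side port (assumption)

def parse_ace(line):
    """Parse 'permit <proto> host <src> host <dst> [eq <port>]' only."""
    t = line.split()
    if len(t) not in (6, 8) or t[0] != "permit" or t[2] != "host" or t[4] != "host":
        raise ValueError(f"unsupported ACE: {line!r}")
    ace = {"proto": t[1], "src": t[3], "dst": t[5], "dport": None}
    if len(t) == 8:
        if t[6] != "eq":
            raise ValueError(f"unsupported ACE: {line!r}")
        # 'eq' placed after the destination address matches the destination port
        ace["dport"] = PORTS.get(t[7]) or int(t[7])
    return ace

def parse_acl(text):
    return [parse_ace(l) for l in text.splitlines() if l.strip()]

def selected(acl, pkt):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    proto, src, _sport, dst, dport = pkt
    return any(a["proto"] == proto and a["src"] == src and a["dst"] == dst
               and a["dport"] in (None, dport) for a in acl)

# Constructed packets: (proto, src, sport, dst, dport)
A, B = "200.0.0.202", "200.0.0.200"
PACKETS = {
    "telnet A->B, client to server": ("tcp", A, EPHEMERAL, B, 23),
    "telnet A->B, server reply":     ("tcp", B, 23, A, EPHEMERAL),
    "telnet B->A, client to server": ("tcp", B, EPHEMERAL, A, 23),
    "telnet B->A, server reply":     ("tcp", A, 23, B, EPHEMERAL),
    "icmp B->A":                     ("icmp", B, None, A, None),
    "icmp A->B":                     ("icmp", A, None, B, None),
}

def report(acl_text=ACL_101):
    acl = parse_acl(acl_text)
    return {name: selected(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:32} {'permit' if hit else 'no match'}")
```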