Re: IPSec problems

From: Erick B. (erickbe@xxxxxxxxx)
Date: Thu Feb 22 2001 - 01:58:54 GMT-3


   

After changing the ACL, you need to do 'clear crypto
sa'. If this doesn't do it then a reboot may be
needed.

I had the same problem as you, and clear didn't clear
it up all the time. Rebooting the router after
changing ACL from wide open to gre host as in the
example I had from cisco.com did it.

--- fwells12 <fwells12@hotmail.com> wrote:
> Just started playing with security related configs and ran into what
> could be a problem. I set up Fatkids IPSec 393
> ( http://www.fatkid.com/html/393_ipsec.html ) and all is fine. I
> initially used a wide-open access list before locking it down to
> specifics and it appeared to work OK. I did not get any debug output
> from the following commands though: debug crypto
> <isakamp/ipsec/engine> which I found odd. Some show commands did show
> that I was encrypting though so I guess it's working fine.
>
> After changing the access lists to match those in the lab, I found I
> could not ping across the networks any longer. The access lists look
> fine to me. Can anyone see anything wrong with them?
>
> The potential problem:
> When I changed back to the original fully-open access lists I
> mentioned earlier, I was forced to reboot the routers to have them
> work correctly again. I used the help to see if I could possibly find
> a command which can clear whatever it is that makes me reboot, but
> alas I didn't find anything that worked. Any suggestions?
>
> One more question please...
> I attempted to configure another IPSec lab earlier
> ( http://www.cisco.com/warp/public/707/manual.html ) and ran into a
> problem trying to add the 'set security association inbound ...'
> commands. I couldn't even find those options on my IOS. I am running
> 12.1.5T. Any thoughts?
>
> Cheers



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:56 GMT-3