From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Fri Jan 04 2002 - 15:52:49 GMT-3
Cisco strongly discourages the use of "any" when defining what traffic to
encrypt. According to Cisco, the result of using "any" will be
unpredictable. If you really wanted to permit any, try the following:

permit ip a.b.c.d x.x.x.x 0.0.0.0 127.255.255.255
permit ip a.b.c.d x.x.x.x 128.0.0.0 127.255.255.255

And of course, the access-list has to be mirror images on the two routers.

>From: "Huy Luu" <Huy_Luu%COMMONWEALTH@ccginc.com>
>Reply-To: "Huy Luu" <Huy_Luu%COMMONWEALTH@ccginc.com>
>To: ccielab@groupstudy.com
>Subject: VPN
>Date: Fri, 4 Jan 2002 12:20:00 -0500
>
>Hello all,
>
>I am having problems with VPN. Here is the topology:
>
>r1------ r2--------- r3
>
>When I define traffic that should be encrypted from r1 to r2, I defined
>two specific networks and the traffic is encrypted. When I define an
>access-list with any as the source and the destination of a network behind
>r2, it does not work. I get the following error:
> %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at
>10.10.10.2
>
>Why does the router fail when I define any as the source ip of the traffic
>that should be encrypted?
>
>Thank you all in advance.
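
Added example, not part of either message in this thread: a Python check that a crypto access-list avoids "any", that the two half-range entries from the reply together match every destination, and that the peer's list is an entry-for-entry mirror image. The function names are hypothetical and the ACLs are constructed samples, with 10.1.1.0 0.0.0.255 standing in for "a.b.c.d x.x.x.x".

```python
import ipaddress

ALL = 0xFFFFFFFF

def to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse 'permit ip SRC WILDCARD DST WILDCARD' into ((src, wc), (dst, wc)).
    The 'any' and 'host A.B.C.D' shorthands are accepted as well."""
    tokens = line.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {line!r}")
    tokens, spec = tokens[2:], []
    while tokens:
        word = tokens.pop(0)
        if word == "any":
            spec.append((0, ALL))
        elif word == "host":
            spec.append((to_int(tokens.pop(0)), 0))
        else:
            wildcard = to_int(tokens.pop(0))
            # Wildcard bits are "don't care": clear them from the base address.
            spec.append((to_int(word) & ~wildcard & ALL, wildcard))
    if len(spec) != 2:
        raise ValueError(f"expected source and destination: {line!r}")
    return tuple(spec)

def uses_any(line):
    """True if either side of the entry matches every address ('any')."""
    return any(wildcard == ALL for _, wildcard in parse_entry(line))

def dst_matches(line, address):
    """True if the entry's destination side matches the given address."""
    base, wildcard = parse_entry(line)[1]
    return (to_int(address) & ~wildcard & ALL) == base

def unmirrored(local_acl, peer_acl):
    """Local entries whose source/destination-swapped twin is absent on the peer."""
    peer = {parse_entry(line) for line in peer_acl}
    return [l for l in local_acl if parse_entry(l)[::-1] not in peer]

# Constructed sample ACLs for the two routers.
R1_ACL = ["permit ip 10.1.1.0 0.0.0.255 0.0.0.0 127.255.255.255",
          "permit ip 10.1.1.0 0.0.0.255 128.0.0.0 127.255.255.255"]
R2_MIRRORED = ["permit ip 0.0.0.0 127.255.255.255 10.1.1.0 0.0.0.255",
               "permit ip 128.0.0.0 127.255.255.255 10.1.1.0 0.0.0.255"]
R2_WITH_ANY = ["permit ip any 10.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    print("missing mirrors:", unmirrored(R1_ACL, R2_WITH_ANY))
```
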