Thank you guys. All is clear for now.
... stay tuned for more bitching about later :-)
Sadiq
On Thu, Apr 30, 2009 at 1:07 AM, Ben Holko <ben_at_holnet.net> wrote:
> this is expected behaviour - the dynamic crypto entry should always be at
> the higher priority
>
> Ben
>
> ________________________________
>
> From: nobody_at_groupstudy.com on behalf of Sadiq Yakasai
> Sent: Thu 30/04/2009 7:16 AM
> To: Cisco certification; Cisco certification
> Subject: Static + Dynamic crypto map on the same interface
>
>
>
> Hi Guys,
>
> After troubleshooting this mutha f**ker for 4 days, i am only coming to
> this
> realization.
>
> When I have a Dynamic as well as a Static crypto map configuration on the
> same interface (Outside) of an ASA, the Dynamic entry needs to have a
> higher
> entry number (lower priotity) than the Static for the L2L (Static) VPN to
> work! Whenever I put the Dynamic entry first, the L2L VPN just doesnt work.
>
> The remote (Dynamic, EZVPN) config works regardless of the order though.
> Anyone seen this behaviour or is this related to the version of code I am
> running. This is 8.0. Or is this really "known" information which I have
> missed somehow.
>
> Excuse my languge pls, need to vent it out somewhere :-)
>
> Thanks as usual guys,
> Sadiq
>
> --
> CCIE #19963
>
>
>
>
-- CCIE #19963 Blogs and organic groups at http://www.ccie.netReceived on Thu Apr 30 2009 - 09:15:21 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:13 ART