Also you should ignore the packet-tracer output and check the 'show cyrpto
ipsec sa' output on both sides.
Are the encr/decr counters incrementing adequately?
Regards
Farrukh
On Mon, Jun 1, 2009 at 11:02 AM, Bogdan Sass <bogdan.sass_at_catc.ro> wrote:
> Farrukh Haroon wrote:
>
>> Why are you using this strange mask in the ACL?
>>
>> 10.1.1.15 255.255.252.255
>>
>>
>>
> Hmmm... good question :) . I didn't notice that (the config was not
> written by me - I was just called to troubleshoot it). However, I have come
> upon this problem on several devices, so it shouldn't be related to the
> mask.
>
> Nevertheless, I will ask about the mask, and I will let you know what I
> find out. Thank you!!
>
>
> --
> Bogdan Sass
> CCAI,CCSP,JNCIA-ER,CCIE #22221 (RS)
> Information Systems Security Professional
> "Curiosity was framed - ignorance killed the cat"
Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 01 2009 - 11:05:18 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:36 ART