I have double checked. The ACLs entries do not overlap...
2009/7/23 Ryan West <rwest_at_zyedge.com>
> Mark,
>
>
>
> Good catch, I was thinking the same as well. It would be interesting to
> see what a !.show run | i crypto map!/ on the PIX shows with the relevant
> interesting traffic ACLs.
>
>
>
> -ryan
>
>
>
> *From:* Mark Cairns [mailto:m.a.cairns_at_gmail.com]
> *Sent:* Thursday, July 23, 2009 11:28 AM
> *To:* Ryan West
> *Cc:* Teu Kim Loon ��e\��; Alberto Rivai; Cisco certification;
> ccielab_at_groupstudy.com
> *Subject:* Re: IPSec VPN - Interesting traffic only trigger crypto map
> from one end
>
>
>
>
>
> Nice little summary of the error message here with someone's previous
> experience related to a peer IP that fell within another tunnel's IP proxy
> range.
>
>
>
>
http://www.velocityreviews.com/forums/t37822-pix-acldeny-no-sa-created-one-so
lution.html
>
> Mark
> #17755, Security
>
>
>
--
May All Behappy!!!
Kim Loon Teu
UE=uBW
CCIE 19369
www.kimteu.com
http://www.linkedin.com/in/kimteu
All conditioned phenomena
Are like a dream, an illusion, a bubble, a shadow
Like the dew, or like lightning
You should discern them like this
R;GPSPN*7(#,HgCN;CE]S0#,HgB6R`Hg5g#,S&WwHgJG9[
Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 23 2009 - 11:01:09 ART