Sunday, September 29, 2013

Cisco ASA: VPN Doesn't Work After Deleting And Reapplying Interesting Traffic ACL

I don't recall running into this before (maybe once), but this client is running code 8.4(5) and I ran into this little problem. I decided I needed to redo one of the site-to-site VPN ACLs. So, I deleted it and added it back in again (with different criteria). Here is what I did:
ASA(config)# clear configure access-list remote_vpn
ASA(config)# access-list remote_vpn  permit ip  host host

When I went to test this out, I noticed my VPN didn't come back up. Normally, I don't think I have ever had to go back and reapply the crypto map 'match' statement. But, in this case, I did have to. I'm not sure if this was a code thing or if my memory just fails me of all the times in the past where I have had to redo an ACL for a site-to-site VPN. But I DID have to reapply it.

ASA(config)# crypto map S2SVPN 30 match add remote_vpn

I thought I would share this if someone has problems getting their site to site VPN back up after deleting and reapplying an ACL for a VPN.  
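
One way to catch this condition before testing the tunnel, as an added example that is not part of the original post: a Python script that scans a saved running-config for crypto map entries that have a peer but no 'match address' line, or that point at an ACL that is no longer defined. The function name audit_crypto_maps, the sample config, its addresses and the ACL names branch_vpn and old_vpn are constructed for illustration; S2SVPN, sequence 30 and remote_vpn are the names used above.

```python
import re
from collections import defaultdict

# Constructed sample of an ASA running-config (addresses are documentation ranges).
SAMPLE_CONFIG = """\
access-list branch_vpn extended permit ip host 192.0.2.10 host 198.51.100.20
access-list remote_vpn extended permit ip host 192.0.2.10 host 203.0.113.30
crypto map S2SVPN 10 match address branch_vpn
crypto map S2SVPN 10 set peer 198.51.100.1
crypto map S2SVPN 20 match address old_vpn
crypto map S2SVPN 20 set peer 198.51.100.2
crypto map S2SVPN 30 set peer 203.0.113.1
crypto map S2SVPN interface outside
"""

# Only static entries are tracked: lines that bind an ACL or set a peer.
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) ")


def audit_crypto_maps(config_text):
    """Return sorted (map, seq, problem) tuples for entries with a broken ACL binding."""
    acls = set()
    entries = defaultdict(dict)  # (map name, seq) -> {"acl": ..., "peer": ...}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.add(m.group(1))
            continue
        m = CRYPTO_RE.match(line)
        if m:
            name, seq, kind, value = m.groups()
            key = "acl" if kind == "match address" else "peer"
            entries[(name, int(seq))][key] = value
    findings = []
    for (name, seq), entry in sorted(entries.items()):
        if "acl" not in entry:
            # The state described in the post: the match statement is gone.
            findings.append((name, seq, "no match address"))
        elif entry["acl"] not in acls:
            findings.append((name, seq, "ACL %s not defined" % entry["acl"]))
    return findings


if __name__ == "__main__":
    for name, seq, problem in audit_crypto_maps(SAMPLE_CONFIG):
        print("crypto map %s %d: %s" % (name, seq, problem))
```

Run it against the config saved after an ACL change; a sequence reported with "no match address" needs the crypto map match statement reapplied as shown above.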
