Sunday, September 29, 2013
Cisco ASA: VPN Doesn't Work After Deleting And Reapplying Interesting Traffic ACL
I don't recall running into this before (maybe once), but this client is running code 8.4(5) and I ran into this little problem. I decided I needed to redo one of the site to site VPN ACLs. So, I deleted it and added it back in again (with different criteria). Here is what I did:
ASA(config)# clear configure access-list remote_vpn
ASA(config)#access-list remote_vpn permit ip host 10.98.1.28 host 172.16.1.38
When I went to test this out, I noticed my VPN didn't come back up. Normally, I don't think I have ever had to go back and reapply the crypto map 'match' statement. But, in this case, I did have to. I'm not sure if this was a code thing or if my memory just fails me of all the times in the past where I have had to redo an ACL for a site to site VPN. But I DID have to reapply it.
ASA(config)# crypto map S2SVPN 30 match add remote_vpn
I thought I would share this if someone has problems getting their site to site VPN back up after deleting and reapplying an ACL for a VPN.
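One way to catch this condition before a tunnel goes dark is to audit the running-config for crypto map entries that have a peer but no 'match address' line, or whose referenced ACL no longer exists. The script below is an added example, not part of the original post or any Cisco tool; the configuration text it parses is constructed for illustration (the peer addresses and ACL names other than remote_vpn are assumptions) and mirrors the state described above, where entry 30 lost its match statement after the ACL was cleared and re-added.

```python
"""Audit an ASA running-config for crypto map entries whose interesting-traffic
ACL is missing or undefined (the failure mode described in the post).

Added example; the sample config below is constructed, not taken from a real device.
"""
import re
from collections import defaultdict

# Constructed sample: entry 30 still has its peer, but the 'match address' line
# disappeared when the ACL was cleared; entry 20 points at an ACL that does not exist.
SAMPLE_CONFIG = """\
access-list vpn_siteA extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list remote_vpn extended permit ip host 10.98.1.28 host 172.16.1.38
crypto map S2SVPN 10 match address vpn_siteA
crypto map S2SVPN 10 set peer 203.0.113.10
crypto map S2SVPN 10 set ikev1 transform-set ESP-AES-SHA
crypto map S2SVPN 20 match address vpn_siteB
crypto map S2SVPN 20 set peer 203.0.113.20
crypto map S2SVPN 20 set ikev1 transform-set ESP-AES-SHA
crypto map S2SVPN 30 set peer 203.0.113.30
crypto map S2SVPN 30 set ikev1 transform-set ESP-AES-SHA
crypto map S2SVPN interface outside
"""

# An ACL exists once it has at least one permit/deny entry ('remark' lines alone do not count).
ACL_RE = re.compile(r"^access-list (\S+) (?:extended |standard )?(?:permit|deny)\b")
# Only the two crypto map attributes we need; the 'interface' line has no sequence number and is skipped.
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (\S+)")


def parse_config(text):
    """Return (set of defined ACL names, {(map_name, seq): {attribute: value}})."""
    acls = set()
    entries = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.add(m.group(1))
            continue
        m = CRYPTO_RE.match(line)
        if m:
            entries[(m.group(1), int(m.group(2)))][m.group(3)] = m.group(4)
    return acls, dict(entries)


def audit(text):
    """List crypto map entries that cannot select traffic: no match address, or an undefined ACL."""
    acls, entries = parse_config(text)
    findings = []
    for (name, seq), attrs in sorted(entries.items()):
        acl = attrs.get("match address")
        peer = attrs.get("set peer", "?")
        if acl is None:
            findings.append(f"{name} {seq} (peer {peer}): missing 'match address'")
        elif acl not in acls:
            findings.append(f"{name} {seq} (peer {peer}): ACL '{acl}' not defined")
    return findings


if __name__ == "__main__":
    # Feed it 'show running-config' output saved to a file, e.g. python audit_cryptomap.py < run.cfg
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONFIG
    for finding in audit(source):
        print(finding)
```

Run it against saved 'show running-config' output after any ACL rework on a VPN firewall; an entry reported as missing its match address is exactly the case above and needs the crypto map match statement reapplied before the tunnel will negotiate again.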