IPSEC—problems caused by several acl rules

Publication Date: 2012-09-11
Issue Description
A USG2120 establishes an IPsec tunnel with a Cisco 3845 router. There is no problem when only the address of the web server is written in the ACL; after a town bureau network segment is added to the ACL, access fails.
Alarm Information
NULL
Handling Process
Create another ACL, write the town bureau network segment into it, and then configure a policy as follows:
ipsec policy map1 10 isakmp
    security acl 3000
    proposal tran1
    ike-peer b
ipsec policy map1 11 isakmp
    security acl 3001
    proposal tran1
    ike-peer b
Apply the policy to the interface; the problem is solved.
Root Cause
When several ACL rules are configured on the board-end, only one rule works, so adding the town bureau's IP addresses to the same ACL still fails.
Suggestions
Pay attention to how the ACL rules are configured.
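
An added example, not part of the original case: a Python check that scans a configuration in the syntax shown above and reports every IPsec policy entry whose referenced ACL holds more than one rule, the condition that failed here. The "acl number" and "rule" lines and all addresses in the samples are constructed placeholders (assumptions); only the policy lines follow the case.

```python
import re

# Constructed samples; the ACL lines and documentation-range addresses are assumptions.
SAMPLE_BEFORE = """\
acl number 3000
 rule 5 permit ip source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0
 rule 10 permit ip source 192.0.2.0 0.0.0.255 destination 203.0.113.0 0.0.0.255
ipsec policy map1 10 isakmp
 security acl 3000
 proposal tran1
 ike-peer b
"""

SAMPLE_AFTER = """\
acl number 3000
 rule 5 permit ip source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0
acl number 3001
 rule 5 permit ip source 192.0.2.0 0.0.0.255 destination 203.0.113.0 0.0.0.255
ipsec policy map1 10 isakmp
 security acl 3000
 proposal tran1
 ike-peer b
ipsec policy map1 11 isakmp
 security acl 3001
 proposal tran1
 ike-peer b
"""

def multi_rule_ipsec_acls(config):
    """Return (policy, seq, acl, rule_count) for policy entries whose ACL has >1 rule."""
    rules, refs = {}, []   # ACL number -> rule count; (policy, seq, ACL number)
    acl = policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # an unindented line opens a new section
            acl = policy = None
            if m := re.fullmatch(r"acl number (\d+)", line):
                acl = int(m.group(1))
                rules.setdefault(acl, 0)
            elif m := re.fullmatch(r"ipsec policy (\S+) (\d+) isakmp", line):
                policy = (m.group(1), int(m.group(2)))
        elif acl is not None and line.startswith("rule "):
            rules[acl] += 1
        elif policy and (m := re.fullmatch(r"security acl (\d+)", line)):
            refs.append((*policy, int(m.group(1))))
    return [(n, s, a, rules[a]) for n, s, a in refs if rules.get(a, 0) > 1]

if __name__ == "__main__":
    print(multi_rule_ipsec_acls(SAMPLE_BEFORE), multi_rule_ipsec_acls(SAMPLE_AFTER))
```
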
