No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


IPSEC—problems caused by several acl rules

Publication Date:  2012-09-11 Views:  437 Downloads:  0

Issue Description

USG2120 Constitutes ipsec with Cisco3845 router, there is no problem if write address of web server only in acl, add a town bureau network segment into acl, access failed.

Alarm Information


Handling Process

Constitute another acl, write into network segment of town bureau, constitute a strategy then, as follows:
ipsec policy map1 10 isakmp
    security acl 3000
    proposal tran1
    ike-peer b
ipsec policy map1 11 isakmp
    security acl 3001
   proposal tran1   
    ike-peer b
apply to interface, problem solved.

Root Cause

 Configure several acl rules on board-end, only one rule works, add ip address from town bureau into acl still negative.


 Pay attention to the regulation of acl.