Figured out last week, that the Cisco ASA will not establish a phase 2 sa / ipsec sa when the crypto acl contains objects which contain ip ranges. Like object network xxxx range 1.1.1.5 1.1.1.67 So does anyone know if that is ASA specific, or does it always need to be a valid subnet/prefix? Couldnt find it in the rfc.
No comments:
Post a Comment