
PDM doesn't work with multiple ACLs???


splicerguy

IS-IT--Management
Jul 6, 2005
CA
After I added a VPN configuration to my PIX515 I cannot load the PDM configuration screen.

I assume it has to do with multiple ACLs? Is there a workaround?

I believe this is where it gets stuck:

access-list 101 permit ip 10.1.1.1 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list 101

Thanks.
 
Probably because you use the same ACL for different things, like nat 0 and the crypto ACL at the same time; this is neither supported nor recommended.

Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the Danish Cisco CSA Forum here :
 
I'm not sure how to fix the problem...

The following is how I configured the VPN (per the Cisco tutorial):

isakmp enable outside

isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000

isakmp key abcd117 address 64.180.108.100 netmask 255.255.255.255

access-list 101 permit ip 192.168.24.0 255.255.255.0 192.168.25.0 255.255.255.0

crypto ipsec transform-set chevelle esp-des esp-md5-hmac

crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer 64.180.108.100
crypto map transam 1 set transform-set chevelle

crypto map transam interface outside

nat (inside) 0 access-list 101

sysopt connection permit-ipsec
 
Create a new access-list with the same content as the "101" acl and apply it to either the crypto or the nat 0 statements.

access-list 102 permit ip 192.168.24.0 255.255.255.0 192.168.25.0 255.255.255.0

crypto map transam 1 match address 102

This will stop the errors in PDM.

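Both replies above come down to the same rule: one access-list should serve one feature, and an ACL that is referenced by both nat 0 and a crypto map is exactly what PDM chokes on. The script below is an added example (not code from this thread, from Tek-Tips or from Cisco) that lints a PIX 6.x style configuration for that pattern, flags references to names that were never defined (the kind of typo that creeps in when a tutorial is copied by hand), and applies the fix the second reply gives: clone the ACL under a new name and point one consumer at the copy. The sample config is constructed to mirror the poster's VPN lines; the two nameif lines are an assumption added so interface names can be checked, and the regular expressions only cover the command forms shown here.

```python
"""Lint a PIX-style config for access-lists shared between features.

Added example for the thread above; not Cisco code. Assumes PIX 6.x
command syntax and only the command forms listed in the patterns below.
"""
import re
from collections import defaultdict

# Constructed sample: the poster's lines plus two assumed nameif lines.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip 192.168.24.0 255.255.255.0 192.168.25.0 255.255.255.0
crypto ipsec transform-set chevell esp-des esp-md5-hmac
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer 64.180.108.100
crypto map transam 1 set transform-set chevelle
crypto map transam interface ouside
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
"""

# Features that consume an access-list by name; group 1 is the ACL name.
ACL_CONSUMERS = {
    "nat 0": re.compile(r"^nat \(\S+\) 0 access-list (\S+)$"),
    "crypto map match address": re.compile(r"^crypto map \S+ \d+ match address (\S+)$"),
    "access-group": re.compile(r"^access-group (\S+) in interface \S+$"),
}
ACL_DEF = re.compile(r"^access-list (\S+) (?:permit|deny|remark) ")
NAMEIF = re.compile(r"^nameif \S+ (\S+) security\d+$")
TSET_DEF = re.compile(r"^crypto ipsec transform-set (\S+) ")
TSET_REF = re.compile(r"^crypto map \S+ \d+ set transform-set (\S+)$")
MAP_IFACE = re.compile(r"^crypto map \S+ interface (\S+)$")


def parse_config(text):
    """Index ACL definitions, ACL consumers and name references."""
    idx = {
        "acls": defaultdict(list),       # acl name -> list of ACE lines
        "consumers": defaultdict(list),  # acl name -> [(feature, line), ...]
        "interfaces": set(),
        "transform_sets": set(),
        "tset_refs": [],                 # [(name, line), ...]
        "map_ifaces": [],                # [(name, line), ...]
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := ACL_DEF.match(line):
            idx["acls"][m.group(1)].append(line)
            continue
        for feature, pat in ACL_CONSUMERS.items():
            if m := pat.match(line):
                idx["consumers"][m.group(1)].append((feature, line))
        if m := NAMEIF.match(line):
            idx["interfaces"].add(m.group(1))
        if m := TSET_DEF.match(line):
            idx["transform_sets"].add(m.group(1))
        if m := TSET_REF.match(line):
            idx["tset_refs"].append((m.group(1), line))
        if m := MAP_IFACE.match(line):
            idx["map_ifaces"].append((m.group(1), line))
    return idx


def shared_acls(idx):
    """ACLs referenced by more than one feature: {acl: [feature, ...]}."""
    return {acl: [f for f, _ in uses]
            for acl, uses in idx["consumers"].items() if len(uses) > 1}


def dangling_refs(idx):
    """Names that are referenced but never defined (typos like 'ouside')."""
    problems = []
    for acl in idx["consumers"]:
        if acl not in idx["acls"]:
            problems.append(f"access-list {acl} is referenced but never defined")
    for name, line in idx["tset_refs"]:
        if name not in idx["transform_sets"]:
            problems.append(f"transform-set {name} not defined: {line}")
    for name, line in idx["map_ifaces"]:
        if name not in idx["interfaces"]:
            problems.append(f"interface {name} not defined: {line}")
    return problems


def split_shared_acl(text, acl, feature, new_name):
    """Return the config with `feature`'s reference to `acl` moved to a
    copy named `new_name`; every other feature keeps using `acl`."""
    idx = parse_config(text)
    if feature not in ACL_CONSUMERS:
        raise ValueError(f"unknown feature {feature!r}")
    if acl not in idx["acls"]:
        raise ValueError(f"access-list {acl} is not defined")
    if new_name in idx["acls"]:
        raise ValueError(f"access-list {new_name} already exists")
    pat = ACL_CONSUMERS[feature]
    lines = [raw.strip() for raw in text.splitlines()]
    last_ace = max(i for i, l in enumerate(lines)
                   if (m := ACL_DEF.match(l)) and m.group(1) == acl)
    out = []
    for i, line in enumerate(lines):
        m = pat.match(line)
        if m and m.group(1) == acl:
            line = line[:m.start(1)] + new_name + line[m.end(1):]
        out.append(line)
        if i == last_ace:  # emit the cloned ACEs right after the original ACL
            out.extend(a.replace(f"access-list {acl} ", f"access-list {new_name} ", 1)
                       for a in idx["acls"][acl])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    idx = parse_config(SAMPLE_CONFIG)
    print("shared ACLs:", shared_acls(idx))
    print("dangling references:", *dangling_refs(idx), sep="\n  ")
    print(split_shared_acl(SAMPLE_CONFIG, "101", "crypto map match address", "102"))
```

Run against the sample it reports access-list 101 as used by both the crypto map and nat 0, and separately reports the transform-set name mismatch and the misspelled interface, neither of which PDM would explain for you; the rewritten config it prints keeps nat 0 on 101 and points the crypto map at an identical 102, which is the thread's fix. It does not touch the ISAKMP policy, so the DES/MD5/group 1 choices from the tutorial survive unchanged.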
 