Why doesn't the VPN encryption domain ACL show any hits?
Posted on 2011-03-10
I am testing a LAN-to-LAN VPN configuration using brand-new Cisco ASR 1001 routers. The remote VPN device is an older PIX device and the tunnel appears to be working great. However, I'm seeing an anomaly which I cannot figure out. Here is the encryption domain for the tunnel in question:

ip access-list extended CustomerVPN
 permit ip 220.127.116.11 0.0.0.7 18.104.22.168 0.0.255.255
 permit ip 22.214.171.124 0.0.0.7 126.96.36.199 0.0.255.255
 permit ip 188.8.131.52 0.0.0.7 184.108.40.206 0.0.253.255
 permit ip 220.127.116.11 0.0.0.7 18.104.22.168 0.0.253.255

I am originating traffic from host IP 22.214.171.124/29 destined for host 126.96.36.199/16 and I am able to successfully send ICMP & TCP connections.
However, I never see any hits on the ACL shown above.