VPN issue, UC8.0

Answered Question
Jan 20th, 2010

Hi,

I'm having difficulties with split tunneling after upgrading to the 8.0 software pack. Anyone else have this issue? I can't reach the network, no ping reply from the UC.

My config:

crypto isakmp client configuration group EZVPN_GROUP_1
 key <removed>
 dns 192.168.3.10 8.8.8.8
 wins 192.168.3.10
 domain tele-competanse
 pool SDM_POOL_1
 max-users 10
 acl 109
crypto isakmp profile sdm-ike-profile-1
 match identity group EZVPN_GROUP_1
 client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
 isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
interface Virtual-Template1 type tunnel
 ip unnumbered Vlan1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
ip local pool SDM_POOL_1 192.168.254.240 192.168.254.249
!
access-list 109 remark SDM_ACL Category=4
access-list 109 permit ip 192.168.3.0 0.0.0.255 any
access-list 109 permit ip 192.168.4.0 0.0.0.255 any
access-list 109 permit ip 10.2.2.0 0.0.0.255 any
access-list 109 permit ip 10.2.10.0 0.0.0.3 any
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
!
!
Please help.
Thanks,
Eivind

Steven Smith Wed, 01/20/2010 - 15:33

I am having some problems with my 8.0 system, let me look into this more.

Eivind Jonassen Mon, 01/25/2010 - 12:10

Hi Steven,

Any update on this???

I also saw that our UC reloaded due to a software crash this morning. My guess is that the IOS has some bugs. Are there any alternative IOS releases for the 8.0 version I can download???

Thanks,

Eivind

Steven Smith Mon, 01/25/2010 - 12:20

Hi Eivind,

Actually today, there is an update on this.  I spoke to some development and QA guys, and when doing split tunneling with EZVPN in CCA 2.2, it doesn't configure it correctly.  Bug was created last night on this.

CSCte60612:   after Split tunneling config, client can NOT reach UC500 behind

Workaround: delete FW and re-enable the FW include VTI interface as inside.

As far as the crash you experienced, I would recommend opening a case for it.  Alternatives for 8.0 are 7.1.3.  We are looking at getting another software pack out, but the time frame for this has not been established.  Let me know if this works for you.

Eivind Jonassen Mon, 01/25/2010 - 12:30

Well,

I've tried the workaround earlier, but the issue wasn't completely resolved. I got some complaints from other colleagues that they were not able to reach our file server when using VPN. This error occurred every now and then.

I'll try downgrading the IOS. Should I expect any issue with the CUE if I downgrade the IOS??

Thanks,

Eivind

Correct Answer
Steven Smith Mon, 01/25/2010 - 12:51

If you downgrade in CCA and CUE is downgraded, I believe CUE will be defaulted.  I haven't heard of any problems running CUE 7.1 and CME 7.1 together.  You should be fine with that.

Eivind Jonassen Thu, 01/28/2010 - 04:48

We are also experiencing software reload with this image. I've opened a TAC case and will keep you posted.

Thanks,

Eivind

Eivind Jonassen Thu, 01/28/2010 - 23:10

I've downgraded the IOS to uc500-advipservicesk9-mz.124-20.T2 and all issues are resolved.

The TAC case is SR 613515163 in case you wish to follow it.

Thanks,

Eivind