01-20-2010 11:44 AM - last edited on 03-25-2019 10:45 PM by ciscomoderator
Hi,
I´m having difficulties with split tunneling after upgrading to the 8.0 software pack. Anyone else have this issue? I can´t reach the network.. no ping reply from the UC.
My config;
crypto isakmp client configuration group EZVPN_GROUP_1
key <removed
dns 192.168.3.10 8.8.8.8
wins 192.168.3.10
domain tele-competanse
pool SDM_POOL_1
max-users 10
acl 109
crypto isakmp profile sdm-ike-profile-1
match identity group EZVPN_GROUP_1
client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
client configuration address respond
virtual-template 1
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
ip local pool SDM_POOL_1 192.168.254.240 192.168.254.249
Solved! Go to Solution.
01-25-2010 12:51 PM
If you downgrade in CCA and CUE is downgraded, I believe CUE will be defaulted. I haven't heard of any problems running CUE 7.1 and CME 7.1 together. You should be fine with that.
01-20-2010 11:58 AM
Hi Eivind,
I haven't tried this, let me see what happens when I do.
01-20-2010 03:33 PM
I am having some problems with my 8.0 system, let me look into this more.
01-25-2010 12:10 PM
Hi Steven,
Any update on this???
I also saw that our UC reloaded due to software crash this morning. My guess is that the IOS has some bugs, is there any alternative IOS releases for the 8.0 version I can download???
Thanks,
Eivind
01-25-2010 12:20 PM
Hi Eivind,
Actually today, there is an update on this. I spoke to some development and QA guys, and when doing split tunneling with EZVPN in CCA 2.2, it doesn't configure it correctly. Bug was created last night on this.
CSCte60612: after Split tunneling config, client can NOT reach UC500 behind
Workaround: delete FW and re-enable the FW include VTI interface as inside.
As far as the crash you experienced, I would recommend opening a case for it. Alternatives for 8.0 are 7.1.3. We are looking at getting another software pack out, but the time frame for this has not been established. Let me know if this works for you.
01-25-2010 12:30 PM
Well,
I´ve tried the workaround earlier, but the issue wasn´t completely resolved. I got some complaints from other collegues that they were not able to reach our file server when using VPN. This error occured every now and then.
I´ll try downgrading the IOS, should I expect any issue with the CUE if I downgrade the IOS??
Thanks,
Eivind
01-25-2010 12:51 PM
If you downgrade in CCA and CUE is downgraded, I believe CUE will be defaulted. I haven't heard of any problems running CUE 7.1 and CME 7.1 together. You should be fine with that.
01-28-2010 04:48 AM
We are also experiencing software reload with this image. I've opened a TAC case and will keep you posted.
Thanks,
Eivind
01-28-2010 11:10 PM
I've downgraded the IOS to uc500-advipservicesk9-mz.124-20.T2 and all issues are resolved.
The TAC case is SR 613515163 in case you wish to follow it.
Thanks,
Eivind
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: