cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1781
Views
0
Helpful
8
Replies

VPN issue, UC8.0

Eivind Jonassen
Level 4
Level 4

Hi,

I´m having difficulties with split tunneling after upgrading to the 8.0 software pack. Anyone else have this issue? I can´t reach the network.. no ping reply from the UC.

My config;

crypto isakmp client configuration group EZVPN_GROUP_1

key <removed

dns 192.168.3.10 8.8.8.8

wins 192.168.3.10

domain tele-competanse

pool SDM_POOL_1

max-users 10

acl 109

crypto isakmp profile sdm-ike-profile-1

   match identity group EZVPN_GROUP_1

   client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1

   isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

interface Virtual-Template1 type tunnel

ip unnumbered Vlan1

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile1

!

ip local pool SDM_POOL_1 192.168.254.240 192.168.254.249

!
access-list 109 remark SDM_ACL Category=4
access-list 109 permit ip 192.168.3.0 0.0.0.255 any
access-list 109 permit ip 192.168.4.0 0.0.0.255 any
access-list 109 permit ip 10.2.2.0 0.0.0.255 any
access-list 109 permit ip 10.2.10.0 0.0.0.3 any
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
!
!
Please help.
Thanks,
Eivind
1 Accepted Solution

Accepted Solutions

If you downgrade in CCA and CUE is downgraded, I believe CUE will be defaulted.  I haven't heard of any problems running CUE 7.1 and CME 7.1 together.  You should be fine with that.

View solution in original post

8 Replies 8

Steven Smith
Level 7
Level 7

Hi Eivind,

I haven't tried this, let me see what happens when I do.

Steven Smith
Level 7
Level 7

I am having some problems with my 8.0 system, let me look into this more.

Hi Steven,

Any update on this???

I also saw that our UC reloaded due to software crash this morning. My guess is that the IOS has some bugs, is there any alternative IOS releases for the 8.0 version I can download???

Thanks,

Eivind

Hi Eivind,

Actually today, there is an update on this.  I spoke to some development and QA guys, and when doing split tunneling with EZVPN in CCA 2.2, it doesn't configure it correctly.  Bug was created last night on this.

CSCte60612:   after Split tunneling config, client can NOT reach UC500 behind

Workaround: delete FW and re-enable the FW include VTI interface as inside.

As far as the crash you experienced, I would recommend opening a case for it.  Alternatives for 8.0 are 7.1.3.  We are looking at getting another software pack out, but the time frame for this has not been established.  Let me know if this works for you.

Well,

I´ve tried the workaround earlier, but the issue wasn´t completely resolved. I got some complaints from other collegues that they were not able to reach our file server when using VPN. This error occured every now and then.

I´ll try downgrading the IOS, should I expect any issue with the CUE if I downgrade the IOS??

Thanks,

Eivind

If you downgrade in CCA and CUE is downgraded, I believe CUE will be defaulted.  I haven't heard of any problems running CUE 7.1 and CME 7.1 together.  You should be fine with that.

We are also experiencing software reload with this image. I've opened a TAC case and will keep you posted.

Thanks,

Eivind

I've downgraded the IOS to uc500-advipservicesk9-mz.124-20.T2 and all issues are resolved.

The TAC case is SR 613515163 in case you wish to follow it.

Thanks,

Eivind

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: