2 SR520's with H/W VPN and Windows 7 doesn't work

Unanswered Question
Aug 31st, 2010
User Badges:

Hello all,

I have 2 SR520's with a hardware VPN established. I have Windows XP Machines that work great in this setup, however, Windows 7 Machines aren't able to browse to all sites on the internet (i.e. Yahoo, Newegg, MSNBC, and others). The interesting part of this, is the Windows 7 machines resolve DNS to the sites, are able to ping and traceroute to the sites. They just won't open them in a browser.

Originally I was setting this up for a client, and I have replicated the issue in my lab.

I've attached my router configs for reference.

Any help is appreciated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Tue, 08/31/2010 - 18:16
User Badges:
  • Cisco Employee,

The following policy-map on Remote site should have the action of "inspect" instead of "pass":

policy-map type inspect sdm-permit_VT
class type inspect Easy_VPN_Remote_VT

Hope that helps.

EddieGregory Tue, 08/31/2010 - 18:27
User Badges:

Thanks Halijenn,

I'll try this first thing in the morning. FYI, I've also opened a TAC Incident, however, they were also confused as to why the XP machine worked as expected, where as the 7 box didn't.

Thanks again,


EddieGregory Wed, 09/01/2010 - 11:51
User Badges:

After many hours with TAC here is the solution. I have attached the before and after configs. I've highlighted the changes with "*****".

Great job to Andrew at Cisco TAC for hanging in there on this one, and thanks for the suggestions.



This Discussion