Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

vpn-filter on PIXOS 7.0(2)

Unanswered Question
Mar 29th, 2006
User Badges:

Hello everybody,

I have the following configuration for a Remote Access VPN on a PixOS 7.0(2):

crypto ipsec transform-set 3des esp-3des esp-sha-hmac

crypto dynamic-map TEST 10 set peer A.B.C.D

crypto dynamic-map TEST 10 set transform-set 3des

crypto map TEST_MAP 10 ipsec-isakmp dynamic TEST

tunnel-group TEST_GROUP type ipsec-ra

tunnel-group TEST_GROUP general-attributes

default-group-policy TEST_POLICY

tunnel-group TEST_GROUP ipsec-attributes

pre-shared-key *

group-policy TEST_POLICY internal

group-policy TEST_POLICY attributes

vpn-idle-timeout 60

nem enable

username TEST_USER password XXXXX encrypted

username TEST_USER attributes

vpn-filter value ACL-TEST_USER

password-storage enable

The client connecting is a Cisco VPN Client HArdware 3002.

The Tunnel goes up and works fine except the ACL-TEST_USER vpn-filter option.

This ACL Contains some permits ... but i notice that all the traffic is permitted regardless of what is specified on the ACL.

I've found a Bug:



The VPN-filter configured for remote VPN clients on a PIX firewall might not

take effect when no xauth authentication is

configured for that remote access VPN client.

And i think it could be my case but i've not found *where* this option "xauth authentication" should be enabled on my Configuration.

Any Help will be appreciated. :)



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
atchu Mon, 04/03/2006 - 05:44
User Badges:

do you have sysopt connection permit ipsec ?

try taking it off


This Discussion