Hello everybody,
I have the following configuration for a Remote Access VPN on a PixOS 7.0(2):
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto dynamic-map TEST 10 set peer A.B.C.D
crypto dynamic-map TEST 10 set transform-set 3des
crypto map TEST_MAP 10 ipsec-isakmp dynamic TEST
tunnel-group TEST_GROUP type ipsec-ra
tunnel-group TEST_GROUP general-attributes
 default-group-policy TEST_POLICY
tunnel-group TEST_GROUP ipsec-attributes
 pre-shared-key *
group-policy TEST_POLICY internal
group-policy TEST_POLICY attributes
 vpn-idle-timeout 60
 nem enable
username TEST_USER password XXXXX encrypted
username TEST_USER attributes
 vpn-filter value ACL-TEST_USER
 password-storage enable
The client connecting is a Cisco VPN Client Hardware 3002.
The tunnel comes up and works fine, except for the ACL-TEST_USER vpn-filter option.
This ACL contains some permits ... but I notice that all the traffic is permitted regardless of what is specified in the ACL.
I've found a bug:
CSCsc49873
Symptom:
The VPN-filter configured for remote VPN clients on a PIX firewall might not take effect when no xauth authentication is configured for that remote access VPN client.
And I think it could be my case, but I've not found *where* this option "xauth authentication" should be enabled in my configuration.
Any help will be appreciated. :)
Thanks
Francesco