
vpn-filter on PIXOS 7.0(2)

primero
Level 1

Hello everybody,

I have the following configuration for a Remote Access VPN on a PixOS 7.0(2):

crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto dynamic-map TEST 10 set peer A.B.C.D
crypto dynamic-map TEST 10 set transform-set 3des
crypto map TEST_MAP 10 ipsec-isakmp dynamic TEST
tunnel-group TEST_GROUP type ipsec-ra
tunnel-group TEST_GROUP general-attributes
 default-group-policy TEST_POLICY
tunnel-group TEST_GROUP ipsec-attributes
 pre-shared-key *
group-policy TEST_POLICY internal
group-policy TEST_POLICY attributes
 vpn-idle-timeout 60
 nem enable
username TEST_USER password XXXXX encrypted
username TEST_USER attributes
 vpn-filter value ACL-TEST_USER
 password-storage enable

The client connecting is a Cisco VPN Client Hardware 3002.

The tunnel goes up and works fine except the ACL-TEST_USER vpn-filter option.

This ACL contains some permits ... but I notice that all the traffic is permitted regardless of what is specified on the ACL.

I've found a Bug:

CSCsc49873

Symptom:

The VPN-filter configured for remote VPN clients on a PIX firewall might not take effect when no xauth authentication is configured for that remote access VPN client.

And I think it could be my case, but I've not found *where* this option "xauth authentication" should be enabled on my configuration.

Any help will be appreciated. :)

Thanks

Francesco

1 Reply

atchu
Level 1

Do you have sysopt connection permit ipsec?

Try taking it off.