After PIX upgrade from 6.3 to 7.2(2) VPN doesn't work

Hi There,

I have configured a site-to-site VPN between a PIX and an 871 router. After the upgrade to version 7, I am not able to access the remote network. I am using ver 7.2(2) on the PIX and IOS ver 12.4(6)T2 on the router. The ACLs for no nat and encryption are:

access-list encryp permit ip 172.16.0.0 255.240.0.0 192.168.130.0 255.255.254.0

access-list encryp permit ip 192.168.0.0 255.255.255.0 192.168.130.0 255.255.254.0

access-list nonat permit ip 172.16.0.0 255.240.0.0 192.168.128.0 255.255.128.0

access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.128.0

Is it possible that PIX OS ver 7 does not support this type of ACL (IP class B with mask /12 or IP class C with mask /17)?

Thx
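
The subnet/mask pairs in the ACLs above can be sanity-checked offline. The following is an added example, not part of the original post and not Cisco tooling: it parses the four ACL lines from the question with Python's ipaddress module, rejects entries with a non-contiguous mask or host bits set, and lists encryption entries that no nonat entry fully covers. The function names parse_acl and uncovered are hypothetical.

```python
import ipaddress

# ACL lines copied from the question above.
ACL_LINES = """\
access-list encryp permit ip 172.16.0.0 255.240.0.0 192.168.130.0 255.255.254.0
access-list encryp permit ip 192.168.0.0 255.255.255.0 192.168.130.0 255.255.254.0
access-list nonat permit ip 172.16.0.0 255.240.0.0 192.168.128.0 255.255.128.0
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.128.0 255.255.128.0
"""


def parse_acl(text):
    """Return {acl_name: [(src_net, dst_net), ...]} for
    'access-list NAME permit ip NET MASK NET MASK' lines."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
            continue  # not the simple form used in the question
        # strict=True raises ValueError for a non-contiguous mask or for an
        # address that has host bits set under the given mask.
        src = ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=True)
        dst = ipaddress.ip_network(f"{f[6]}/{f[7]}", strict=True)
        acls.setdefault(f[1], []).append((src, dst))
    return acls


def uncovered(acls, crypto="encryp", exempt="nonat"):
    """Return crypto ACL entries not fully contained in any NAT-exemption entry.
    Traffic matching such an entry would be translated before encryption."""
    missing = []
    for src, dst in acls.get(crypto, []):
        covered = any(src.subnet_of(s) and dst.subnet_of(d)
                      for s, d in acls.get(exempt, []))
        if not covered:
            missing.append((src, dst))
    return missing


if __name__ == "__main__":
    acls = parse_acl(ACL_LINES)
    for name, entries in acls.items():
        for src, dst in entries:
            print(f"{name}: {src} -> {dst}")
    print("uncovered:", uncovered(acls))
```

For the four lines in the question every pair parses cleanly and uncovered returns an empty list, so the mask arithmetic is consistent between the two ACLs.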

1 REPLY
Re: After PIX upgrade from 6.3 to 7.2(2) VPN doesn't work

Hi c-quinteros,

Whoever designed the Pix firewall should be shot. It's so F! stupid. But enough of my ranting.

I ran into the same problem you have before when upgrading from 6.3(5) to 7.2(2). You need to do this for it to work:

tunnel-group DefaultRAGroup ipsec-attributes

isakmp ikev1-user-authentication (outside) none

Keep in mind that these are "hidden" commands.

WTF!

For version 7.1(2):

tunnel-group DefaultRAGroup general-attributes

authentication-server-group (outside) none

Good luck.

David

CCIE Security
