I have a weird problem that began after I upgraded a PIX 515 failover pair from 7.2(2) to 8.0(3). Everything seems to work OK, except remote management via VPN-client.
I've tried telnet and https but once the management connection is established there is no data received from the firewall, hence login is not possible… I used Wireshark to verify that a connection is established but after the 3-way handshake, there is nothing except a TCP packet that seems to be out of sequence.
I can manage the firewall using a PC on the inside network but that is a somewhat troublesome workaround.
VPN-client IP: 192.168.150.0/26
Firewall inside IP: 172.31.2.254
Some lines from the configuration:
access-list nonat extended permit ip 172.31.2.0 255.255.255.0 192.168.150.0 255.255.255.0
Actually, there are some 5505 firewalls placed at network/system administrators' homes. They use subnets within the same network as VPN clients, hence the difference in masks.
The thing is that packets are allowed in both directions but "sessions" aren't, e.g. ping works from a VPN client to the inside address. Also, when I connect using telnet there is a three-way handshake. The telnet window stays empty due to a session that never disconnects nor receives any data.