Cisco Support Community
New Member

PIXOS 7.0 and VPN.

Hi all,

I have a general question about transferring PIX OS to the 7.0.1 version.

We have changed our PIX to this version, and after the upgrade we have lost connectivity to our opposite peer. It is a PIX with version 6.3.4.

1.) So my question is whether it is possible to do VPN site-to-site tunnels between two PIXes with different PIX OS versions?

2.) And another question is related to client VPN. We can authenticate to our PIX with version 7.0 with our clients, but split tunneling doesn't function. We use an extended ACL for splitting.




Re: PIXOS 7.0 and VPN.

1. There should not be any issue.

2. v7.0.1 has a bug when converting the v6.x config to v7; I suggest you upgrade to the latest version.

bug id: CSCeh69389


When upgrading a PIX running version 6.x to 7.0, if split-tunneling is being used for Remote Access VPN clients, then during the config conversion process, the split-tunnel commands will fail to be converted properly. This is because in version 6.x, extended ACLs were allowed to be used for the split-tunnel list, whereas in 7.0 only standard ACLs are allowed. In 7.0, the standard ACL specifies the networks for which the client will encrypt traffic.


The following indicates that all traffic to the network will be encrypted while all other traffic will be sent in clear text:

access-list SplitTunnel standard permit

This ACL is defined as a split tunnel list by applying it to a group-policy as follows.

group-policy RemoteAccess internal
group-policy RemoteAccess attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnel
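
A check for the condition described in the bug note above, added here as an example and not part of the original post or any Cisco tooling: it scans a 7.x-style configuration and reports each group-policy whose split-tunnel-network-list points at an ACL that is extended or not defined. The sample configuration, the Legacy, Broken, OldSplit and MissingAcl names, and all addresses are constructed.

```python
import re

# Constructed sample of a 7.x-style config; extra names and all addresses are made up.
SAMPLE_CONFIG = """\
access-list SplitTunnel standard permit 10.10.0.0 255.255.0.0
access-list OldSplit extended permit ip 10.10.0.0 255.255.0.0 192.168.50.0 255.255.255.0
group-policy RemoteAccess internal
group-policy RemoteAccess attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnel
group-policy Legacy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value OldSplit
group-policy Broken attributes
 split-tunnel-network-list value MissingAcl
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(standard|extended)\b")
POLICY_RE = re.compile(r"^group-policy\s+(\S+)\s+attributes\b")
SPLIT_RE = re.compile(r"^\s+split-tunnel-network-list\s+value\s+(\S+)")


def audit_split_tunnel(config: str) -> list[tuple[str, str, str]]:
    """Return (group-policy, acl, problem) for each bad split-tunnel list."""
    acl_types: dict[str, set[str]] = {}   # ACL name -> kinds of entries seen
    refs: list[tuple[str, str]] = []      # (group-policy, referenced ACL)
    policy = None
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acl_types.setdefault(m.group(1), set()).add(m.group(2))
        elif m := POLICY_RE.match(line):
            policy = m.group(1)
        elif (m := SPLIT_RE.match(line)) and policy:
            refs.append((policy, m.group(1)))
        elif line and not line[0].isspace():
            policy = None  # any other top-level command ends the attributes sub-mode
    findings = []
    for policy, acl in refs:
        kinds = acl_types.get(acl)
        if kinds is None:
            findings.append((policy, acl, "ACL not defined"))
        elif kinds != {"standard"}:
            findings.append((policy, acl, "ACL is not standard"))
    return findings


if __name__ == "__main__":
    for policy, acl, problem in audit_split_tunnel(SAMPLE_CONFIG):
        print(f"group-policy {policy}: split-tunnel list {acl}: {problem}")
```
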

New Member

Re: PIXOS 7.0 and VPN.

Hi Jack,

It's very helpful for me what you wrote.

So as I understand, when I upgrade our PIX to the latest version I don't have to convert the extended ACL configured for split tunneling to standard. It will accept the extended ACL.

Am I right?


