Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN and not ipsec trafic in the same interface

Hi all!

I have a problem! I use outside interface for the easyVPNserver in my PIX 535 (some user use cisco vpn client to connect on my PIX to use some security servers) :

crypto map xxx_map interface outside

isakmp enable outside

bat at the same time I want to pass the ip traffic through (not ip-sec) the same interface "outside". And I see in my syslog server the next:

PIX-6-110001: No route to 10.1.136.11 from 10.1.102.195

I have route table :

route outside 0.0.0.0 0.0.0.0 10.1.0.9 1 OTHER static

10.1.102.195 - It is the address the give me the PIX from it local pool:

ip local pool yyy 10.1.102.129-10.1.102.254

config vpngoup the next:

vpngroup xxxgroup adderss-pool yyy

vpngroup xxxgroup idle-time 1800

vpngroup xxxgroup password ********

Help! is it possible?

7 REPLIES

Re: VPN and not ipsec trafic in the same interface

New Member

Re: VPN and not ipsec trafic in the same interface

Andrew!

I'm sorry, but your links does no open. I see the next:

Forbidden File or Application

The file or application you are trying to access may require additional entitlement or you are trying to access a file with an invalid name. Additional entitlement levels are granted based on a users relationship with Cisco on a per-application basis.

If you feel you have reached this page in error, please try one of the following methods to locate your document:

1. If you are manually entering the URL into your browser location bar, be sure to include the file name of the page you are trying to access (file names typically end in .htm, .html or .shtml).

2. Use the Search feature located in the upper right section of this page.

3. Return to the Cisco.com Home or select a primary site area from the top navigation bar.

4. Consult with your Cisco Account Manager to confirm you have the appropriate entitlement to access this page.

If you would like to contact someone about this problem, please click on the Contacts & Feedback link below.

Re: VPN and not ipsec trafic in the same interface

OK,

configure the below in the ASA and re-test:-

same-security-traffic permit intra-interface

HTH>

New Member

Re: VPN and not ipsec trafic in the same interface

HI!

I'm soo sorry that I don't tell You. Version of my PIX 6.3(5), and It does not have this command.

Re: VPN and not ipsec trafic in the same interface

if you want to take advantage of this feature - you need to upgrade your device to version 7.x or 8.x

HTH>

New Member

Re: VPN and not ipsec trafic in the same interface

Sorry but we can not change this version. We have certification for this version only.

You tell that it is possible for version 7. 8.

You don't know how do this in 6.3, am I right?

Re: VPN and not ipsec trafic in the same interface

The functionality is not available in the ver 6.x train.

152
Views
5
Helpful
7
Replies