Cisco Support Community

EzVPN clients cannot connect to the PIX with software version 7.x / ASA configured with ASDM

Core issue

This issue is documented in Cisco bug ID CSCsc10806.

In the Virtual Private Network (VPN) wizard, the Adaptive Security Device Manager (ASDM) creates and applies a crypto Access Control List (ACL) on the dynamic crypto map. This crypto ACL is automatically created based on the IP address pool configured.

The crypto ACL works well for most software VPN clients. However, problems occur when the software VPN client uses split-tunneling. Similarly, hardware clients can face problems. For example, the tunnel does not come up in VPN3002 when the hardware client is used in Port Address Translation (PAT)/client mode or in network-extension mode.

Resolution

As a workaround, remove the crypto dynamic-map match address command from the PIX configuration, as shown in this example.

Hostname(config)# no crypto dynamic-map <vpnif_dyn_map> 20 match address <vpnif_cryptomap_dyn_20>
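
To check whether a saved configuration carries such a crypto ACL, the following added example (not part of the original article and not Cisco code) lists every dynamic crypto map entry that has a match address line, shows the ACL entries behind it, and builds the matching removal command. The sample configuration, including all names and addresses in it, is constructed for illustration.

```python
import re

# Constructed PIX/ASA 7.x running-config excerpt; names and addresses are illustrative.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.10.1-192.168.10.254
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.10.0 255.255.255.0
access-list split_acl standard permit 10.1.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
"""

MATCH_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+) match address (\S+)\s*$")
ACL_RE = re.compile(r"^access-list (\S+) ")


def find_dynamic_map_acls(config_text):
    """Return one finding per dynamic crypto map entry that references a crypto ACL."""
    lines = [ln.strip() for ln in config_text.splitlines()]

    # Index ACL entries by ACL name so each finding can show what the ACL matches.
    acl_entries = {}
    for ln in lines:
        m = ACL_RE.match(ln)
        if m:
            acl_entries.setdefault(m.group(1), []).append(ln)

    findings = []
    for ln in lines:
        m = MATCH_RE.match(ln)
        if m:
            name, seq, acl = m.groups()
            findings.append({
                "map": name,
                "seq": int(seq),
                "acl": acl,
                "acl_entries": acl_entries.get(acl, []),
                # Same form as the workaround command in the article.
                "workaround": f"no crypto dynamic-map {name} {seq} match address {acl}",
            })
    return findings


if __name__ == "__main__":
    for f in find_dynamic_map_acls(SAMPLE_CONFIG):
        print(f"{f['map']} seq {f['seq']} uses crypto ACL {f['acl']}")
        for entry in f["acl_entries"]:
            print(f"  {entry}")
        print(f"  workaround: {f['workaround']}")
```

Dynamic map entries without a match address line, such as sequence 40 in the sample, are not reported.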
