Unable to pass VPN traffic between a PIX Firewall and a router with a CBAC configuration
This problem occurs on routers that run code prior to Cisco IOS Software Release 12.3(8)T.
These routers check inbound packets against the Access Control List (ACL) twice: once on the encrypted packet and then again on the just-decrypted clear-text packet. Packets are dropped during this double check if the interesting traffic is not defined in the Context-Based Access Control (CBAC) configuration.
As a workaround, allow the remote VPN subnet through the CBAC configuration.
Note: On routers that run code 12.3(8)T or later, the Crypto Access Check on Clear-Text Packets feature removes the check on clear-text packets that go through the IPSec tunnel, just prior to encryption or just after decryption.
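The workaround above, sketched as an added router configuration fragment (not taken from the original article). It assumes the inbound ACL sits on the same outside interface as the crypto map and the CBAC inspection rule; all addresses, the ACL number, the interface and the names `FW` and `VPNMAP` are constructed placeholders.

```cisco
! Constructed example: every address, number and name here is a placeholder.
!   192.0.2.1     PIX outside address (VPN peer)
!   198.51.100.1  router outside address
!   10.2.2.0/24   subnet behind the PIX (remote VPN subnet)
!   10.1.1.0/24   subnet behind the router
!
ip inspect name FW tcp
ip inspect name FW udp
!
! Before (shown commented out): only the tunnel's own protocols are permitted.
! The encrypted packet matches the esp entry, but on code prior to 12.3(8)T
! the decrypted packet (10.2.2.x -> 10.1.1.x) is checked against the same
! ACL a second time, matches nothing but the final deny, and is dropped.
!
!   access-list 101 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
!   access-list 101 permit esp host 192.0.2.1 host 198.51.100.1
!   access-list 101 deny   ip any any
!
! After: the remote VPN subnet is also permitted, so the decrypted packet
! passes the second check. Keep this entry as narrow as the crypto ACL
! (subnet to subnet) rather than a broad "permit ip any".
!
access-list 101 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
access-list 101 permit esp host 192.0.2.1 host 198.51.100.1
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 deny   ip any any
!
! VPNMAP is assumed to be an existing crypto map defined elsewhere.
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group 101 in
 ip inspect FW out
 crypto map VPNMAP
```

To confirm the change, send traffic across the tunnel and compare the per-entry match counters in `show access-lists 101`: the new permit entry should increment while the final deny stops counting the tunnelled flows.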