New Member

PIX version 6.3 and VPN Client

I have an old PIX, running version 6.3. Its version cannot be upgraded due to a hardware limitation.

I am setting up IPSEC VPN, with split-tunnel disabled.

However, the client was not able to connect to the Internet.

Below is part of the configuration.

ip local pool internetvpn1 10.30.11.1-10.30.11.7

vpngroup internetvpn1 address-pool internetvpn1

vpngroup internetpub1 dns-server 123.4.5.6

vpngroup internetpub1 idle-time 86400

vpngroup internetpub1 password *********

I can log in with the VPN Client, but when I do an nslookup, the PIX shows the log below:

110001: No route to 123.4.5.6 from 10.30.11.1

110001: No route to 123.4.5.6 from 10.30.11.1

Does anybody have any idea?

2 REPLIES
New Member

PIX version 6.3 and VPN Client

I just found out that in version 6.x, traffic cannot pass through when the security levels are the same.

For the VPN Client, user traffic came from the outside interface.

If split-tunneling is disabled and the user wants to access the Internet, it has to go out from the outside interface as well.

As "same-security-traffic permit inter-interface" is not available in 6.x, it becomes impossible for the VPN client to access the Internet when split-tunneling is disabled.

Am I correct?

New Member

PIX version 6.3 and VPN Client

I upgraded the firewall to version 7.0 and the problem was resolved.
