Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN issues following PIX 535 upgrade to 7.0.4

Following my upgrade of my PIX 535 from 6.3.4 to 7.0.4, dynamic VPN Clients can no longer reach outside destinations on the web.

I've attached scrubbed config files from both the old (6.3.4) and new image version (7.0.4), in case ther are any known bugs in the auto-conversion between the two.

Thanks in advance,

Marc

4 REPLIES
Silver

Re: VPN issues following PIX 535 upgrade to 7.0.4

Take a look at the split-tunnel-policy command. I think this will fix your problem.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00804527dc.html

Hope this helps.

Steve

Gold

Re: VPN issues following PIX 535 upgrade to 7.0.4

according to the posted config v.7, the policy group seems missing as well as the split tunneling acl.

below are the sample codes:

access-list split_tunnel_remote_vpn extended permit ip

group-policy remote_vpn internal

group-policy remote_vpn attributes

vpn-idle-timeout 20

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel_remote_vpn

New Member

Re: VPN issues following PIX 535 upgrade to 7.0.4

I see the reasoning of the split tunnel policy... but in order to apply the policy to outbound traffic, wouldn't this command have to be entered into the 'client' device in a router-router or router-PIX VPN tunnel?

My issue has to do with hosts using VPN Client software to connect dynamically to a PIX535, so I'm not sure how this policy could be applied at the "hub" end of the tunnel and be applied to a client host.

*slightly confused*

Marc

Silver

Re: VPN issues following PIX 535 upgrade to 7.0.4

Marc,

Try looking at the following sample config. Hopefully it helps to answer your question.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Steve

107
Views
0
Helpful
4
Replies
CreatePlease login to create content