[c-nsp] Getting a VPN to work through a Cisco firewall

Peder at NetworkOblivion peder at networkoblivion.com
Wed Jan 11 23:06:34 EST 2006


There was a bug in early 12.3T where it wasn't creating the appropriate 
holes.  I don't remember the bug id, but it was really early like 
12.3(1)T and 12.3(2)T.  I seem to recall it being fixed around 12.3(5)T, 
so if you are running an early 12.3T, you might want to upgrade.

Brett Looney wrote:
> At 09:47 12/01/2006, you wrote:
> 
>>http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d33da.html
>>
>>Maybe I'm just being dense (or I'm experiencing a different issue
>>entirely)...  but I'm not seeing where this touches on the VPN issue.  I
>>understand that the access-lists are not, strictly speaking, "written"
>>anymore, but shouldn't the VPN still have ip inspect poke the holes in the
>>ACL, whether or not those holes are readily viewable?
> 
> 
> Sorry - I kinda hijacked your thread there.
> 
> To answer your question - yes, you should definitely have holes poked 
> in the ACL by ip inspect but they won't show up doing a "show 
> access-list" - you have to do "show ip inspect session detail" to see 
> what ip inspect really did.
> 
> B. 
> 

-- 

Network stuff you didn't know....
http://www.networkoblivion.com
