[c-nsp] Getting a VPN to work through a Cisco firewall
Peder at NetworkOblivion
peder at networkoblivion.com
Wed Jan 11 23:06:34 EST 2006
There was a bug in early 12.3T where it wasn't creating the appropriate
holes. I don't remember the bug id, but it was really early like
12.3(1)T and 12.3(2)T. I seem to recall it being fixed around 12.3(5)T,
so if you are running an early 12.3T, you might want to upgrade.
Brett Looney wrote:
> At 09:47 12/01/2006, you wrote:
>
>>http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d33da.html
>>
>>Maybe I'm just being dense (or I'm experiencing a different issue
>>entirely)... but I'm not seeing where this touches on the VPN issue. I
>>understand that the access-lists are not, strictly speak, "written"
>>anymore, but shouldn't the VPN still have ip inspect poke the holes in the
>>ACL, whether or not those holes are readily viewable?
>
>
> Sorry - I kinda hijacked your thread there.
>
> To answer your question - yes, you should definitely have holes poked
> in the ACL by ip inspect but they won't show up doing a "show
> access-list" - you have to do "show ip inspect session detail" to see
> what ip inspect really did.
>
> B.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
--
Network stuff you didn't know....
http://www.networkoblivion.com
More information about the cisco-nsp
mailing list