[c-nsp] pix version 7.x

Jim McBurnett jim at tgasolutions.com
Thu Jan 12 22:56:15 EST 2006


Joseph,

Make sure you have all your preshared keys..  In 7.0.1 it will delete
the preshared keys in an upgrade...
VPN spilt tunnel ACLS are converted to standard ACL if they are extended
acls....

I would recommend reading all the caveats and check the latest interim
release before you upgrade.....

J 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joseph Jackson
Sent: Thursday, January 12, 2006 1:57 PM
To: 'Garry Glendown'; Joseph Jackson; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] pix version 7.x

All remote sites are pix 525's running 6.34

-----Original Message-----
From: Garry Glendown [mailto:gkg at gmx.de]
Sent: Thursday, January 12, 2006 10:48 AM
To: Joseph Jackson; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] pix version 7.x

Joseph Jackson wrote:
> Hey all,
> 
>  
> 
>             I am planning an upgrade on our pix to 7.x soon and was 
> wondering if I will see any problems with our site to site vpn's after
this
> upgrade?  The other sites connect through their own pixen but we 
> didn't
want
> to do an upgrade on them just yet as they are overseas and theres no 
> on
the
> ground support in case something were to go wrong.  

What's the systems on the other side? I'm having some problems with a
pix-checkpoint VPN ... IKE msgs from the checkpoint to the Pix are
answered by PIX, but checkpoint just keeps on sending the first package
as if it hadn't been answered ... same config to a 6.3 works fine
without any problems ... (tested with 7.0.2/7.0.4)

Apart from that, no problems with either Pix6.x or Cisco VPN client as
remote VPN site ...

-gg
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list