[c-nsp] Client VPN issue with PIX v6.3

Randy randy_94108 at yahoo.com
Sun Nov 29 23:06:57 EST 2009



--- On Sun, 11/29/09, Graham Wooden <graham at g-rock.net> wrote:


From: Graham Wooden <graham at g-rock.net>
Subject: [c-nsp] Client VPN issue with PIX v6.3
To: "cisco-nsp" <cisco-nsp at puck.nether.net>
Date: Sunday, November 29, 2009, 7:53 PM


Hi all,

One of my VPN devices is a 525 running v6.3.5.  I am having an issue with
Client VPN sessions coming in on the outside interface while accessing
subnets that are reached by outside interface. I can access the "inside"
interface addresses just fine.  Is there some sort of limitation that I
can't access subnets out past the outside interface while having VPN
sessions terminating on the same interface?  I tried to add these subnets to
the split-tunnel acl with no love either.

Thoughts?  I have a v7.0.2 525 that is being tied up with another setup, so
I can't test on 7.x code - but if an upgrade is needed to solve this, let
me know...

Thanks!

-graham


_______________________________________________

Hi Graham,
If memory serves me, hairpinning (same-security-traffic permit intra-interface) in a PIX is only supported on 7.x and above.
Regards,
./Randy

