[c-nsp] Client VPN issue with PIX v6.3
Randy
randy_94108 at yahoo.com
Sun Nov 29 23:06:57 EST 2009
--- On Sun, 11/29/09, Graham Wooden <graham at g-rock.net> wrote:
From: Graham Wooden <graham at g-rock.net>
Subject: [c-nsp] Client VPN issue with PIX v6.3
To: "cisco-nsp" <cisco-nsp at puck.nether.net>
Date: Sunday, November 29, 2009, 7:53 PM
Hi all,
One of my VPN devices is a 525 running v6.3.5. I am having an issue with
Client VPN sessions coming in on the outside interface while accessing
subnets that are reached by outside interface. I can access the "inside"
interface addresses just fine. Is there some sort of limitation that I
can't access subnets out past the outside interface while having VPN
sessions terminating on the same interface? I tried to add these subnets to
the split-tunnel acl with no love either.
Thoughts? I have a v7.0.2 525 that is being tied up with another setup, so
I can't test on 7.x code - but if if an upgrade is needed to solve this, let
me know...
Thanks!
-graham
_______________________________________________
Hi Graham,
If memory serves me, hairpinning(same-security-traffic permit intra-interface) in a pix is only supported on 7.x and above.
Regards,
./Randy
More information about the cisco-nsp
mailing list