Search results for query: *

  1. Gungnir77

    IOS Version 7.0 is released

    snootalope, you can get around that MSS exceeded error by creating a tcp map that allows MSS exceeded packets to be passed through instead of dropped at the interface. Just make sure to apply the class map to a group policy.
  2. Gungnir77

    IOS Version 7.0 is released

    It is a bug, and it will be fixed in future releases. The decision to go to standard access lists makes sense, but the problem with the upgrade not converting extended to standard was unintended. But for now, the best I can do is get the word out.
  3. Gungnir77

    IOS Version 7.0 is released

    Ixleplix, sorry to hear TAC didn't get back to you. I work on Cisco TAC's advanced security team (one of them anyhow). One thing that happens when you upgrade to 7.0 is that your split tunnel ACLs don't get carried over correctly. In PIX 6.3 you can use extended ACLs, but in 7.0, only...
  4. Gungnir77

    Site to site VPN only one side can initiate

    Odds are, the access list for interesting traffic on your crypto map isn't set up correctly on the side that can't pass the traffic. Check to make sure both sides agree on what exactly the interesting traffic should be. Gungnir77 CCNP, Cisco TAC Security Team
  5. Gungnir77

    VPN inconsistency

    You need to implement NAT-Traversal on both sides of the tunnel. This will allow IPSec over UDP, which is necessary for VPNs from behind NATed or PATed addresses. Gungnir77 CCNP, Cisco TAC security team
  6. Gungnir77

    InterVlan Routing

    It does, but you need to make sure the physical interface is assigned to a VLAN that is not the same as the native VLAN the switch on the other side uses. By default the traffic leaves the interface untagged, even if the logical interfaces are assigned to a specific VLAN. The idea is to...
  7. Gungnir77

    VPN Client Issue

    NAT-Traversal is needed when they are making a VPN connection from inside a firewall (or router) that is translating their address to the outside. Your firewall sees their connection request as coming from their public address, not their inside address. NAT-T allows IPSec over UDP allowing for...
  8. Gungnir77

    Nat inside VPN Tunnel with Pix

    Also be aware that if you need to implement a VPN tunnel using a NATed address, you need to configure NAT-Traversal (UDP over IPSec) to get traffic to work. Gungnir77 CCNP, Advanced Security team at Cisco TAC
