Hi,This is certainly possible.Ipsec VPN and policy based routing can certainly work together.The below link might prove to be of some help:http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a00801e18f6.html...
hi,The sa lifetimes for phase 1 and phase 2 should match else either the tunnel does not get established or the tunnel would flap.The phase 1 sa lifetime is same on all the devices: 86400 sec, The phase 2 sa lifetime is different on different devices...
hi,Are the users that establish the vpn client connection comingbehind a nat/pat device?On this pix add the command:isakmp nat-t 20 (this cmd works in config mode)Also this command is operational in pix version 6.3 onwards.if there is any other devi...
Hi, the commands to monitor /know the status of the tunnel are as the follows:sh cry isa sa (works in config mode)This command tells us about the phase 1 of the vpn being up or not.sh cry ipsec sa (works in config mode)this comand tells us if the se...
Hi,I would recommend that rather than looking at the logs on the client , look for the logs on the head end device, the device where the vpn is bein terminated.Also,we can think of changing the vpngroup password on both the client and the head end(th...