
PIX version 6.3 and VPN Client

limlayhin
Level 1

I have an old PIX, running version 6.3. Its version cannot be upgraded due to a hardware limitation.

I am setting up an IPsec VPN, with split-tunnel disabled.

However, the client was not able to connect to the Internet.

Below is part of the configuration.

ip local pool internetvpn1 10.30.11.1-10.30.11.7

vpngroup internetvpn1 address-pool internetvpn1

vpngroup internetpub1 dns-server 123.4.5.6

vpngroup internetpub1 idle-time 86400

vpngroup internetpub1 password *********

I can log in with the VPN Client, but when I do an nslookup, the PIX shows the log below:

110001: No route to 123.4.5.6 from 10.30.11.1

110001: No route to 123.4.5.6 from 10.30.11.1

Does anybody have any idea?

2 Replies

limlayhin
Level 1

I just found out that in version 6.x, traffic cannot pass through when the security levels are the same.

For the VPN Client, user traffic comes in from the outside interface.

If split-tunneling is disabled and the user wants to access the Internet, the traffic has to go out from the outside interface as well.

As "same-security-traffic permit inter-interface" is not available in 6.x, it becomes impossible for the VPN client to access the Internet when split-tunneling is disabled.

Am I correct?

I upgraded the firewall to version 7.0 and the problem was resolved.
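
For reference, a sketch of the 7.x configuration that lets tunnel-all VPN clients reach the Internet back through the outside interface, added here as an example and not taken from either post. For traffic that enters and leaves the same interface, the 7.x command is the intra-interface form of same-security-traffic; the NAT ID 1 and the /29 mask are assumptions chosen to cover the address pool in the first post.

```cisco
! Added example, PIX 7.x syntax. NAT ID 1 and the 255.255.255.248 mask are
! assumptions chosen to cover the 10.30.11.1-10.30.11.7 pool from the first post.

! Allow traffic to enter and leave the same interface (hairpin / U-turn).
same-security-traffic permit intra-interface

! Translate the VPN client pool when it goes back out to the Internet,
! using the outside interface address (PAT).
nat (outside) 1 10.30.11.0 255.255.255.248
global (outside) 1 interface
```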