Tuesday, May 10, 2011

Simple Command to Prevent Lost VPN Packets

No more Loss of Packets over VPN.

If you find that your VPN packets aren't getting through your Cisco ASA or PIX security appliance, check that you are using the appropriate sysopt connection permit command. This setting lets packets arriving through an IPsec tunnel bypass the interface access control lists (ACLs) on the ASA or PIX. Unless you enable it (or else write your interface ACLs to explicitly permit the decrypted tunnel traffic), these packets may fail. Keep in mind that once the command is enabled, tunnel traffic is not checked against the interface ACLs at all.
In PIX/ASA version 7.0, use this command:
   sysopt connection permit-ipsec
In PIX/ASA version 7.1(1) or higher, use this:
   sysopt connection permit-vpn
Before version 7.0(1), this setting is disabled by default, so in that case you have to enable it explicitly with the following command:
   pix(config)#sysopt connection permit-ipsec

If these commands have been disabled in later versions, enable them this way:
   securityappliance(config)#sysopt connection permit-vpn
The show sysopt command can help you see if the appropriate command is enabled.
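As an added example (not from the original post), here is a small Python audit that reads a saved running-config and reports the effective state of the setting, applying the version rule described above: disabled by default before 7.0(1), enabled by default afterwards, and overridden by an explicit "sysopt" or "no sysopt" line. The "ASA Version" / "PIX Version" header line and the sample configs are assumptions constructed for the example.

```python
"""Audit the effective 'sysopt connection permit-vpn' state of an ASA/PIX config.
Added example, not part of the original post."""
import re

# Explicit enable/disable lines, e.g. "sysopt connection permit-vpn" or
# "no sysopt connection permit-ipsec" (the 7.0 spelling).
PERMIT_RE = re.compile(r"^(no\s+)?sysopt\s+connection\s+permit-(vpn|ipsec)\s*$", re.M)
# Version header as it appears at the top of a saved config (assumed format).
VERSION_RE = re.compile(r"^(?:ASA|PIX)\s+Version\s+(\d+)\.(\d+)", re.M)


def permit_vpn_state(config: str) -> dict:
    """Return {'version': (major, minor) | None, 'explicit': 'on'|'off'|None,
    'effective': bool}.  'effective' True means tunnel traffic bypasses the
    interface ACLs, so those ACLs provide no filtering for VPN peers."""
    m = VERSION_RE.search(config)
    version = (int(m.group(1)), int(m.group(2))) if m else None

    explicit = None
    for match in PERMIT_RE.finditer(config):
        # The last occurrence wins, as it would when entered on the CLI.
        explicit = "off" if match.group(1) else "on"

    if explicit is not None:
        effective = explicit == "on"
    else:
        # Default: off before 7.0(1), on from 7.0(1) onward.
        effective = version is not None and version >= (7, 0)
    return {"version": version, "explicit": explicit, "effective": effective}


def describe(config: str) -> str:
    """One-line summary a reviewer can paste into an audit note."""
    s = permit_vpn_state(config)
    if s["effective"]:
        return "permit-vpn effective: tunnel traffic bypasses interface ACLs"
    return "permit-vpn not effective: interface ACLs must permit tunnel traffic"


# Constructed sample configs (not real devices).
SAMPLE_OLD_PIX = "PIX Version 6.3(5)\nhostname pix\naccess-list outside_in permit icmp any any\n"
SAMPLE_ASA_DEFAULT = "ASA Version 8.2(5)\nhostname asa\n"
SAMPLE_ASA_DISABLED = SAMPLE_ASA_DEFAULT + "no sysopt connection permit-vpn\n"

if __name__ == "__main__":
    for name, cfg in [("old pix", SAMPLE_OLD_PIX), ("asa default", SAMPLE_ASA_DEFAULT),
                      ("asa disabled", SAMPLE_ASA_DISABLED)]:
        print(f"{name}: {describe(cfg)}")
```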
