Stupid question that I am having a heck of a time finding an answer for
when I search the web.
I have a remote access setup, where I have a PIX 515E inhouse, and
several 501s outhouse. All of them have validated certs, but I am
having issues with my split-tunnel implementation.
After much digging, I seem to have found that the split tunnel isn't
propagating the ACLs because the vpngroup isn't being set properly on
the 501s. They are connecting, and authenticating properly, and all
traffic is sent over, but since the split-tunnel has to be assigned by
name, it's not carrying over.
The PIXs are connecting fine, and passing traffic, just not running the
split-tunnel.
Any thoughts on how I set the vpngroup on the 501s? I attempted to set
an OU with the ca subject-name command, but it doesn't seem to help.
Thanks in advance
Conlan Adams