Network Security: Detailed info on PIX to PIX Certificate VPN question

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Firewalls

[Top] [All Lists]

PIX to PIX Certificate VPN question

from [Conlan Adams] Network Security

[Permanent Link]

Subject:	PIX to PIX Certificate VPN question
Date:	Fri, 9 Jun 2006 10:12:43 -0400

Stupid question that I am having a heck of a time finding an answer for
when I search the web.

 

I have a remote access setup, where I have a PIX 515E inhouse, and
several 501s outhouse.  All of them have validated certs, but I am
having issues with my split-tunnel implementation.

 

After much digging, I seem to have found that the split tunnel isn't
propagating the ACLs because the vpngroup isn't being set properly on
the 501s.  They are connecting, and authenticating properly, and all
traffic is sent over, but since the split-tunnel has to be assigned by
name, its not carrying over.

 

The PIXs are connecting fine, and passing traffic, just not running the
split-tunnel.

 

Any thoughts on how I set the vpngroup on the 501s?  I attempted to set
an OU with the ca subject-name command, but doesn't seem to help.

 

Thanks in advance

 

Conlan Adams

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PIX to PIX Certificate VPN question, Conlan Adams <= Re: PIX to PIX Certificate VPN question, Aaron Rohyans RE: PIX to PIX Certificate VPN question, Conlan Adams Re: PIX to PIX Certificate VPN question, Aaron Rohyans RE: PIX to PIX Certificate VPN question, Conlan Adams RE: PIX to PIX Certificate VPN question, Brandon Harris

Previous by Date:	RE: Should FW have DNS name?, Harris, Tom
Next by Date:	RE: Should FW have DNS name?, Mark Drucker
Previous by Thread:	Re: Should FW have DNS name?, Bob Radvanovsky
Next by Thread:	Re: PIX to PIX Certificate VPN question, Aaron Rohyans
Indexes:	[Date] [Thread] [Top] [All Lists]