udp traffic not passing over vpnclient connection to pix ASA 7.2

Discussion in 'Cisco' started by lfnetworking, Aug 29, 2006.

  1. lfnetworking


    PIX running 7.2, terminating a connection from the latest Windows
    vpnclient using IPsec over TCP; the client won't pass UDP traffic such
    as XDMCP. I'm familiar with the old fixup protocol, which I understand
    is replaced by MPF traffic inspection logic. But I was unaware this
    affects VPN traffic in any way. And the default policy should allow for
    XDMCP.

    Otherwise, the vpnclient setup is as follows...

    group-policy * attributes
    dns-server value x.x.x.x
    vpn-idle-timeout none
    ipsec-udp enable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split-tunnel

    ....
    access-list split-tunnel extended permit ip 192.168.221.0 255.255.255.0 192.168.220.0 255.255.255.0



    Any ideas?


    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp

    service-policy global_policy global
     
    lfnetworking, Aug 29, 2006
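The post relies on two parts of the configuration: the split-tunnel list that decides which destinations go through the VPN, and the globally applied MPF policy that inspects XDMCP. The following is an added example, not code from the poster or from Cisco, that parses an abridged copy of the posted lines and checks both for one flow. It assumes the ASA reads the source field of an extended split-tunnel ACL as the tunneled network; the host address 192.168.221.10 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Abridged from the configuration in the post (wrapped ACL line rejoined).
CONFIG = """\
group-policy * attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
access-list split-tunnel extended permit ip 192.168.221.0 255.255.255.0 192.168.220.0 255.255.255.0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect tftp
inspect xdmcp
service-policy global_policy global
"""

def tunneled_networks(config, acl_name):
    """Source networks of an extended split-tunnel ACL (assumed ASA semantics)."""
    pat = re.compile(r"^access-list %s extended permit ip (\S+) (\S+) "
                     % re.escape(acl_name), re.M)
    return [ipaddress.ip_network(f"{n}/{m}") for n, m in pat.findall(config)]

def global_inspections(config):
    """Protocols inspected by the policy-map applied with 'service-policy ... global'."""
    bound = re.search(r"^service-policy (\S+) global", config, re.M)
    protos, in_map = set(), False
    for words in (line.split() for line in config.splitlines()):
        if not words or bound is None:
            continue
        if words[0] == "policy-map":
            in_map = words[1] == bound.group(1)
        elif in_map and words[0] == "inspect":
            protos.add(words[1])
        elif words[0] != "class":
            in_map = False  # any other command ends the policy-map block
    return protos

def audit_flow(config, dst_ip, protocol):
    """Is dst_ip sent through the tunnel, and is protocol inspected globally?"""
    acl = re.search(r"split-tunnel-network-list value (\S+)", config).group(1)
    dst = ipaddress.ip_address(dst_ip)
    return {"tunneled": any(dst in net for net in tunneled_networks(config, acl)),
            "inspected": protocol in global_inspections(config)}

# 192.168.221.10 is a constructed host address inside the tunneled network.
print(audit_flow(CONFIG, "192.168.221.10", "xdmcp"))
```

For the posted lines both values come back true, so the split-tunnel list and the global inspection policy are consistent with what the post expects of them.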