Pix running 7.2 terminating connection from latest windows vpnclient ipsec over tcp, client won't pass udp traffic such as xdmcp. I'm familiar with the old fixup protocol which I understand is replaced by MPF traffic inspection logic. But, I was unaware this affects vpn traffic in any way. And, the default policy should allow for xdmcp
Otherwise, the vpnclient setup is as follows...
group-policy * attributes dns-server value x.x.x.x vpn-idle-timeout none ipsec-udp enable ipsec-udp-port 10000 split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel
... access-list split-tunnel extended permit ip 192.168.221.0 255.255.255.0
192.168.220.0 255.255.255.0Any ideas?
class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp
service-policy global_policy global