vpn-filter applied to group policy blocks all traffic

Unanswered Question
Apr 3rd, 2007

I'm attempting to create a vpn-filter for each of my RA Group Policies. All my group policies' RA VPNs utilize the same IP subnet, so an interface ACL isn't really an option.


When I create the ACL and apply it to the Group Policy it blocks all traffic, even when the ACL is set to allow all. For example, this configuration blocks everything once the connection is established:


access-list VPNFilter extended permit ip 192.168.112.0 255.255.255.0 any
access-list VPNFilter extended permit ip any 192.168.112.0 255.255.255.0

group-policy RAVPN attributes
 vpn-filter value VPNFilter
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNNETList


However, when I remove the 'vpn-filter value VPNFilter' everything works great.


I have the VPN subsystem set to bypass interface ACLs.


Thanks in advance,


Jeremy

acomiskey Tue, 04/03/2007 - 18:18

Any chance you could get some logs when traffic is being denied?

jeremyarcher Tue, 04/03/2007 - 19:21

You bet. I upgraded to 7.2.2 tonight and that didn't fix it either.


See attached syslog.


The syslog shows that the traffic is passing through the ACLs at least. Very strange.


