vpn-filter applied to group policy blocks all traffic

Unanswered Question
Apr 3rd, 2007

I'm attempting to create a vpn-filter for each of my RA Group Policies. All my group policies RA VPNs utlize the same IP subnet so a interface ACL isn't really an option.

When I create the ACL and apply it to the Group Policy it blocks all traffic, even when the ACL is set to allow all. For example, this configuration blocks everything once the connection is established:

access-list VPNFilter extended permit ip 192.168.112.0 255.255.255.0 any

access-list VPNFilter extended permit ip any 192.168.112.0 255.255.255.0

group-policy RAVPN attributes

vpn-filter value VPNFilter

split-tunnel-policy tunnelspecified

split-tunnel-network-list value VPNNETList

However, when I remove the 'vpn-filter value VPNFilter' everything works great.

I have the VPN subsystem set to bypass interface ACLs.

Thanks in advance,

Jeremy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Tue, 04/03/2007 - 18:18

Any chance you could get some logs when traffic is being denied?

jeremyarcher Tue, 04/03/2007 - 19:21

You bet. I upgraded to 7.2.2 tonight that that didn't fix it either.

See attached syslog.

The syslog shows that the traffic is passing through the ACLs at least. Very strange.

jeremyarcher Tue, 04/03/2007 - 19:45

You bet. I upgraded to 7.2.2 tonight that that didn't fix it either.

See attached syslog.

The syslog shows that the traffic is passing through the ACLs at least. Very strange.

Actions

This Discussion