vpn-filter applied to group policy blocks all traffic

jeremyarcher

I'm attempting to create a vpn-filter for each of my RA Group Policies. All my group policy RA VPNs utilize the same IP subnet, so an interface ACL isn't really an option.

When I create the ACL and apply it to the Group Policy it blocks all traffic, even when the ACL is set to allow all. For example, this configuration blocks everything once the connection is established:

access-list VPNFilter extended permit ip 192.168.112.0 255.255.255.0 any
access-list VPNFilter extended permit ip any 192.168.112.0 255.255.255.0
group-policy RAVPN attributes
 vpn-filter value VPNFilter
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNNETList

However, when I remove the 'vpn-filter value VPNFilter' everything works great.

I have the VPN subsystem set to bypass interface ACLs.

Thanks in advance,

Jeremy

4 Replies

acomiskey

Any chance you could get some logs when traffic is being denied?

You bet. I upgraded to 7.2.2 tonight and that didn't fix it either.

See attached syslog.

The syslog shows that the traffic is passing through the ACLs at least. Very strange.

This is a known bug - CSCsg60095

Upgrade to 7.2.2(18) fixed it.
