04-03-2007 08:43 AM
I'm attempting to create a vpn-filter for each of my RA Group Policies. All my group policies' RA VPNs utilize the same IP subnet, so an interface ACL isn't really an option.
When I create the ACL and apply it to the Group Policy it blocks all traffic, even when the ACL is set to allow all. For example, this configuration blocks everything once the connection is established:
access-list VPNFilter extended permit ip 192.168.112.0 255.255.255.0 any
access-list VPNFilter extended permit ip any 192.168.112.0 255.255.255.0
group-policy RAVPN attributes
 vpn-filter value VPNFilter
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNNETList
However, when I remove the 'vpn-filter value VPNFilter' everything works great.
I have the VPN subsystem set to bypass interface ACLs.
Thanks in advance,
Jeremy
04-03-2007 06:18 PM
Any chance you could get some logs when traffic is being denied?
04-03-2007 07:21 PM
You bet. I upgraded to 7.2.2 tonight and that didn't fix it either.
See attached syslog.
The syslog shows that the traffic is passing through the ACLs at least. Very strange.
04-04-2007 10:52 AM
This is a known bug - CSCsg60095
Upgrade to 7.2.2(18) fixed it.