11-17-2007 03:48 AM - edited 03-11-2019 04:32 AM
I dont think my sysopt connection permit-ipsec is working, as even if I add that line I am not able to communicate over RA-VPN (though its getting establishing) unless I explicitly allow that traffic using ACL. Any other way to check if its working, or you think other way. If its not working how to make it work??
11-18-2007 08:33 AM
Hi Gaurang
Are you able to say which version of software you are using??? as the sysopt commands do work unless you are hitting a bug... could you have a look at the following,
sysopt connection permit-ipsec on PIX version 6.3
and sysopt connection permit-VPN on PIX/ASA version 7.x.
Regards MJ
11-18-2007 09:47 AM
Where is the Crypto map and ACL applied. Is the ACL Outside to Inside or Inside to Outside.
Sysopt Connection permit IPSEC or VPN is only applicable on the interface where the VPN traffic is getting decrypted. So, if you have sysopt connection permit ipsec on the outside interface and ACL on the inside interface or DMZ , you need to permit return traffic on the ACL applied on the inside or DMZ.
I hope it helps.
Regards,
Arul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: