I'm trying to allow IPSec and L2TP VPN traffic through an IOS Zone Based Firewall. The router running the ZBF is NOT a VPN endpoint. It only needs to pass traffic from VPN clients behind the router to other remote routers.
When I try to connect to a remote router, the Username/Password dialog box does not appear (Cisco VPN client). When I remove the zones from the interfaces of the firewall the VPN works perfectly. So I suppose I'm blocking something in the ZBF but I don't know what.
I'm using the following policy map for VPN to allow traffic from the INSIDE to OUTSIDE and vice versa:
policy-map type inspect OUTSIDE_INSIDE_PM
 class type inspect VPN_PROTOCOLS_CM

class-map type inspect match-any VPN_PROTOCOLS_CM
 match protocol isakmp
 match access-group name VPN_PROTOCOLS_ACL

ip access-list extended VPN_PROTOCOLS_ACL
 permit esp any any
 permit udp any any eq non500-isakmp
 permit gre any any
Does anyone have any idea how to allow VPN traffic to pass through?
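As an added illustration (not from the original post), the following script transcribes the posted class-map and ACL into a small matcher and runs constructed sample flows through it, so you can see which VPN flows VPN_PROTOCOLS_CM actually classifies. The port numbers are assumptions taken from the standard protocol definitions (ISAKMP udp/500, NAT-T udp/4500, plain L2TP udp/1701); only the destination port is modelled, matching the `any any eq` form of the posted ACL.

```python
# Added example, not the poster's config: a matcher that mirrors the logic of
# class-map VPN_PROTOCOLS_CM (match-any) and ip access-list VPN_PROTOCOLS_ACL.

# The posted ACL as (ip protocol, destination port or None for "any").
# "non500-isakmp" is the IOS keyword for udp/4500 (ISAKMP NAT traversal).
VPN_PROTOCOLS_ACL = [
    ("esp", None),   # permit esp any any
    ("udp", 4500),   # permit udp any any eq non500-isakmp
    ("gre", None),   # permit gre any any
]

# "match protocol isakmp" in the class-map contributes udp/500 (assumption:
# standard ISAKMP port); match-any means the first hit wins.
CLASS_MATCHES = [("udp", 500)] + VPN_PROTOCOLS_ACL


def flow_matches(proto, dport=None, entries=CLASS_MATCHES):
    """True if a flow (ip protocol, destination port) hits any class entry."""
    for entry_proto, entry_port in entries:
        if entry_proto == proto and (entry_port is None or entry_port == dport):
            return True
    return False


# Constructed sample flows a router in the path of an IPsec/L2TP client sees.
SAMPLE_FLOWS = {
    "isakmp": ("udp", 500),
    "nat-t":  ("udp", 4500),
    "esp":    ("esp", None),
    "l2tp":   ("udp", 1701),   # L2TP only visible when NOT carried inside ESP
}


def classify(flows=SAMPLE_FLOWS):
    """Map each sample flow name to whether VPN_PROTOCOLS_CM would match it."""
    return {name: flow_matches(proto, dport) for name, (proto, dport) in flows.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:8s} {'matched' if hit else 'NOT matched'}")
```

Flows the class does not match (here, bare L2TP on udp/1701) fall through to the remaining classes of the policy map, including class-default, so it is worth confirming the action configured there as well.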