Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1087
Views
0
Helpful
2
Replies

Zone Based Firewall and DMVPN

networkwise
Level 1
Level 1

‎04-08-2010 01:02 PM - edited ‎02-21-2020 04:35 PM

Hi,

I have a question with regaurd to the IOS ZFW. I have a 3 node netwrok that are all communicating via VPN, 1 HQ and two Branches. I configured teh ZFW on the HQ router. I have used the CCP to configure the ZFW and have configured it manually from the CLI. What I notice is there is no ploicy to permit VPN. However the VPN's and eigrp adjacencies stay up. I have not had to specifically permit the VPN traffic isakmp etc.

I have experimented with the DMVPN tunnel assigned to the inside and having not assigned to any zone and the tunnel stays up to the branches.

Not sure if ayone else has come across this?? Its as though the ZFW knows to permit this traffic however there is no policy defined, at least from what I see in the config.

Andy

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-08-2010 08:15 PM

The ZBFW will only affect new connection, not existing connections. Hence why the VPN tunnel stays up.

0 Helpful

networkwise
Level 1
Level 1
In response to Jennifer Halim

‎04-09-2010 08:09 AM

Hi Halijenn,

I will try and reboot the HQ and or take the VPN down manually and try to re establish the connection through the firewall and see what happens.

Thanks

Andy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents