Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

SDM easy vpn - "service-policy type inspect sdm-permit-ip"

Hi All,

Just switched from my old trusty Cisco 91 to a new Cisco 871 - awesome stuff! I had my 91 configured with IPSEC VPN for years and of course did it all manually, but now I'm trying to configure easy vpn server with the SDM and whenever I get to the point where it wants to modify the firewall to allow GRE traffic, it fails with the error "service-policy type inspect sdm-permit-ip". I've tried resetting to default and setting up the VPN before turning on the firewall and get the same error in the firewall wizard. Anyone have any idea how to get past this? I'm sure I could spend an hour and learn the zone based firewall and edit it manually, but I want to see if I can do everything I need with the SDM first. My config is attached, looks like most of the zone rules for the VPN are there, but I can't connect, so I'm sure the ACL portion isn't completing. Any tips would be much appreciated to get SDM to work for me to set up easy vpn server...


CreatePlease to create content