Cisco Support Community
New Member

ASA 5585 setting unchecked

I am seeing a strange issue on 2 of my Cisco ASA 5585s.

Randomly, the "Enable inbound VPN sessions to bypass interface access list. Group...." setting is getting unchecked.

I have verified that no one is logging into the system.

Is this a bug in the firmware or the ASDM?

2 REPLIES
Super Bronze

Hi,

I have not run into this issue, at least.

The first and only thing that comes to mind is that someone is using the ASDM's VPN Wizard to configure new VPN connections and, while doing that, changes this global setting that you mention.

In CLI format the command is

sysopt connection permit-vpn

The above is the default setting and means that any traffic coming through a VPN connection will bypass the interface ACL of the interface that the VPN is connected to.

The form of the command below changes the behaviour of the ASA so that any connection will need to be allowed in the interface ACL of the interface that the VPN is connected to.

no sysopt connection permit-vpn

You can view the current setting (among all the other system option settings) with

show run all sysopt

- Jouni
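As an added example (not part of the original posts), one way to catch the setting flipping is to save the output of `show run all sysopt` on a schedule and compare snapshots. The function names and both sample snapshots below are constructed for illustration; how the output is collected from the device is left out.

```python
import re

# Constructed samples of `show run all sysopt` output (not from a real device).
SNAPSHOT_OLD = """\
no sysopt traffic detailed-statistics
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
"""
# Same device later, with the VPN ACL-bypass option switched off.
SNAPSHOT_NEW = SNAPSHOT_OLD.replace(
    "sysopt connection permit-vpn", "no sysopt connection permit-vpn")

def parse_sysopt(text):
    """Map each sysopt option string to True (set) or False (`no` form)."""
    state = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(no\s+)?sysopt\s+(.+?)\s*$", line)
        if m:  # prompts, banners and blank lines are ignored
            state[m.group(2)] = m.group(1) is None
    return state

def permit_vpn_enabled(text):
    """True/False for the permit-vpn line; None if the line is not listed."""
    return parse_sysopt(text).get("connection permit-vpn")

def drift(old_text, new_text):
    """Return (option, old_state, new_state) for every option that changed."""
    old, new = parse_sysopt(old_text), parse_sysopt(new_text)
    return [(opt, old.get(opt), new.get(opt))
            for opt in sorted(set(old) | set(new))
            if old.get(opt) != new.get(opt)]

if __name__ == "__main__":
    for opt, before, after in drift(SNAPSHOT_OLD, SNAPSHOT_NEW):
        print(f"sysopt {opt}: {before} -> {after}")
```

The timestamps of the two snapshots that bracket a change give a window to compare against ASDM and CLI login records.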

Super Bronze

Hi,

Here is the only BugID I found, but it's a really, really old one.

If nothing else, it does show this has happened before.

- Jouni
