Cisco Support Community

`client-bypass-protocol' not working for Linux client

Basic info: Hardware: ASA5510, System image: ASA 9.1(5), ASDM: 7.1(6), AnyConnect 3.1.05170, OS: Debian GNU/Linux (x64)

I set up an IPsec (IKEv2) client VPN service with IPv4 split tunneling enabled and IPv6 disabled (no IPv6 address pool assigned). I want to make the tunnel work for IPv4 only while IPv6 traffic is sent in the clear, so I enabled `client-bypass-protocol' on the ASA. Everything works fine for Windows clients, but AnyConnect fails to build correct routes on Linux: IPv6 traffic is still routed to the Cisco tunnel and then dropped. Here is the iproute2 output:

$ ip -6 r
fe80::691e:5dd0:3054:495a dev cscotun0  proto kernel  metric 256  mtu 1406
default dev cscotun0  metric 1 
default via fe80::16cf:92ff:febc:2bbf dev eth0.1  proto ra  metric 1024  expires 1791sec

Disabling the IPv6 address assignment policy (both authentication server and internal address pools) makes no difference. Is it a bug in the AnyConnect Linux client?


PS: I also tried IPv6 split tunneling, but it doesn't work either.
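
A check for the condition shown in the route table above, added here as an example and not part of the original post: it reads `ip -6 route` output and reports which default route the kernel prefers (lowest metric), so you can tell whether IPv6 is being pulled into the tunnel. The function names are hypothetical, the `cscotun` prefix comes from the output in the post, and a metric of 1024 is assumed when none is printed.

```shell
#!/bin/sh
# Sample input: the `ip -6 r` output quoted in the post above.
SAMPLE_ROUTES='fe80::691e:5dd0:3054:495a dev cscotun0  proto kernel  metric 256  mtu 1406
default dev cscotun0  metric 1
default via fe80::16cf:92ff:febc:2bbf dev eth0.1  proto ra  metric 1024  expires 1791sec'

# winning_default_dev (hypothetical helper): read `ip -6 route` output on stdin
# and print "<dev> <metric>" for the default route with the lowest metric,
# i.e. the one used for destinations that have no more specific route.
winning_default_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 1024   # assumption: IPv6 default priority when none is shown
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < bestm)) { best = dev; bestm = metric }
        }
        END { if (best != "") print best, bestm }
    '
}

# tunnel_captures_v6 PREFIX (hypothetical helper): exit 0 when the preferred
# IPv6 default route points at an interface whose name starts with PREFIX.
tunnel_captures_v6() {
    _prefix=$1
    _win=$(winning_default_dev)
    case "${_win%% *}" in
        "$_prefix"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# On a live client: ip -6 route show | tunnel_captures_v6 cscotun
if printf '%s\n' "$SAMPLE_ROUTES" | tunnel_captures_v6 cscotun; then
    echo "IPv6 default route is on the tunnel: bypass is not in effect"
else
    echo "IPv6 default route is outside the tunnel"
fi
```

With the sample from the post, the `cscotun0` default (metric 1) beats the router-advertised default on `eth0.1` (metric 1024), which matches the behaviour described: IPv6 traffic enters the tunnel instead of going out in the clear.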
