Cisco Support Community

`client-bypass-protocol' not working for Linux client

Basic info: Hardware: ASA5510, System image: ASA 9.1(5), ASDM: 7.1(6), AnyConnect 3.1.05170, OS: Debian GNU/Linux (x64)

I set up an IPsec (IKEv2) client VPN service with IPv4 split tunneling enabled and IPv6 disabled (no IPv6 address pool assigned). I want to make the tunnel work in IPv4 only while IPv6 traffic is sent in the clear, so I enabled `client-bypass-protocol' on the ASA. Everything works fine for Windows clients, but AnyConnect failed to build correct routes for Linux: IPv6 traffic is still routed to the Cisco tunnel and then dropped. Here is the iproute2 output:

$ ip -6 r
fe80::691e:5dd0:3054:495a dev cscotun0  proto kernel  metric 256  mtu 1406
default dev cscotun0  metric 1 
default via fe80::16cf:92ff:febc:2bbf dev eth0.1  proto ra  metric 1024  expires 1791sec

Disabling the IPv6 address assignment policy (both authentication server and internal address pools) makes no difference. Is it a bug in the AnyConnect Linux client?

 

PS: I also tried IPv6 split tunneling, but it doesn't work either.
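A check for the symptom described in the post, added here as an example and not part of the original post or of any Cisco tooling: it reads `ip -6 route` output and reports whether the winning IPv6 default route points at the tunnel device. The function names are hypothetical, and the script assumes that among default routes the lowest metric is preferred.

```shell
#!/bin/sh
# Added example (not from the original post): find which interface carries
# default IPv6 traffic, given `ip -6 route` output on stdin.
# Assumption: among default routes, the lowest metric is preferred.

# Prints "<dev> <metric>" for the preferred default route, or nothing.
winning_v6_default() {
    awk '
        $1 == "default" {
            dev = ""; metric = 1024      # assumed value if no metric is printed
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (best == "" || metric + 0 < best + 0) { best = metric; bestdev = dev }
        }
        END { if (bestdev != "") print bestdev, best }
    '
}

# Returns 0 and prints a finding when the preferred default route uses the
# tunnel device, i.e. IPv6 enters the tunnel instead of bypassing it.
v6_captured_by_tunnel() {
    tun_dev=$1
    winner=$(winning_v6_default)
    [ -n "$winner" ] || return 1
    set -- $winner                       # $1 = device, $2 = metric
    if [ "$1" = "$tun_dev" ]; then
        echo "IPv6 default route uses $1 (metric $2): traffic enters the tunnel"
        return 0
    fi
    return 1
}

# Route table copied from the post above.
SAMPLE_ROUTES='fe80::691e:5dd0:3054:495a dev cscotun0  proto kernel  metric 256  mtu 1406
default dev cscotun0  metric 1
default via fe80::16cf:92ff:febc:2bbf dev eth0.1  proto ra  metric 1024  expires 1791sec'

printf '%s\n' "$SAMPLE_ROUTES" | v6_captured_by_tunnel cscotun0

# On a live host: ip -6 route | v6_captured_by_tunnel cscotun0
```

With the route table from the post, the metric 1 route on cscotun0 outranks the router-advertised default on eth0.1 (metric 1024), which matches the reported behaviour.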
