11-22-2010 11:59 AM
I've been testing easyvpn on asa5505 and noticed that when using 8.3 the easyvpn client doesn't work in the following configuration:
1) outside interface is a dhcp client
2) vpn is configured to tunnel-all
The problem is that the outside interface DHCP renewal packets are being tunnelled instead of forwarded onto the local LAN. I see the DHCP packets being denied at the other end of the tunnel.
In version 8.2 this didn't happen because the vpnclient automatically creates a rule to deny DHCP traffic on the VPN.
access-list _vpnc_acl extended deny udp host 192.168.2.16 eq bootpc any eq bootps
In version 8.3 the firewall automatically creates a rule as well, but it screws it up:
access-list _vpnc_acl extended deny udp host 192.168.2.16 eq bootpc 0.0.0.0 96.80.178.199 eq bootps
Note that the IP Address 96.80.178.199 is not an IP address at this site. As far as I can tell it is random and this one is registered to Comcast IP Services. Other IPs I've seen are 80.104.178.199 and 128.101.178.199.
I can't raise a TAC case for it but hopefully someone will one day.
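An added example, not part of the post above and not Cisco code: a small audit script that parses the auto-generated `_vpnc_acl` entries from `show access-list` output and flags the 8.3 form, where the destination is an address/mask pair instead of `any`. It assumes the ACE text uses only the subset of ASA extended-ACL syntax seen in the two lines quoted in the post (`host A.B.C.D`, `any`, or `A.B.C.D M.M.M.M`); the two sample lines are copied from the post, and `expected_dhcp_deny` is a hypothetical helper that builds the 8.2-style rule for comparison.

```python
import ipaddress
import re

# Constructed sample input: the two auto-generated ACEs quoted in the post,
# the 8.2 form (deny to "any") and the 8.3 form with the bogus destination pair.
SAMPLE_ACL = """\
access-list _vpnc_acl extended deny udp host 192.168.2.16 eq bootpc any eq bootps
access-list _vpnc_acl extended deny udp host 192.168.2.16 eq bootpc 0.0.0.0 96.80.178.199 eq bootps
"""

# Matches the subset of ASA extended-ACE syntax used by the _vpnc_acl DHCP rule:
# <src> and <dst> are "host A.B.C.D", "any", or "A.B.C.D M.M.M.M" (address + netmask).
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>host\s+\S+|any|\S+\s+\S+)\s+eq\s+(?P<sport>\S+)\s+"
    r"(?P<dst>host\s+\S+|any|\S+\s+\S+)\s+eq\s+(?P<dport>\S+)\s*$"
)


def expected_dhcp_deny(outside_ip: str, acl_name: str = "_vpnc_acl") -> str:
    """Hypothetical helper: the ACE the client should generate, denying DHCP
    from the outside address to any server so renewals stay off the tunnel."""
    return f"access-list {acl_name} extended deny udp host {outside_ip} eq bootpc any eq bootps"


def describe_address(token: str) -> str:
    """Return 'any', 'host', 'network' or 'invalid' for an ASA address token."""
    if token == "any":
        return "any"
    if token.startswith("host "):
        try:
            ipaddress.IPv4Address(token.split()[1])
            return "host"
        except ValueError:
            return "invalid"
    addr, mask = token.split()
    try:
        # IPv4Network rejects a non-contiguous mask such as 96.80.178.199.
        ipaddress.IPv4Network((addr, mask), strict=False)
        return "network"
    except ValueError:
        return "invalid"


def audit_vpnc_acl(lines):
    """Check each DHCP-related ACE; a correct one denies bootpc->bootps to 'any'.

    Returns one finding dict per DHCP ACE (or per unparseable line)."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if not m:
            findings.append({"line": line, "ok": False, "reason": "unparsed ACE"})
            continue
        f = m.groupdict()
        if f["sport"] != "bootpc" or f["dport"] != "bootps":
            continue  # not the DHCP client->server rule
        if f["action"] != "deny":
            findings.append({"line": line, "ok": False, "reason": "DHCP rule is not a deny"})
            continue
        kind = describe_address(f["dst"])
        if kind == "any":
            findings.append({"line": line, "ok": True, "reason": "DHCP deny to any (expected)"})
        elif kind == "invalid":
            findings.append({"line": line, "ok": False,
                             "reason": f"destination {f['dst']!r} is not a valid address/mask pair"})
        else:
            findings.append({"line": line, "ok": False,
                             "reason": f"destination {f['dst']!r} should be 'any'"})
    return findings


if __name__ == "__main__":
    for r in audit_vpnc_acl(SAMPLE_ACL.splitlines()):
        print("OK  " if r["ok"] else "BAD ", r["reason"], "::", r["line"])
```

Run against a saved copy of `show access-list` (or paste the lines into `SAMPLE_ACL`); any `BAD` finding on the DHCP rule is a sign that outside-interface renewals will be pushed into the tunnel and dropped at the far end, which matches the symptom described in the post.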
11-22-2010 07:48 PM
Hello Dion,
Thanks for reporting it in. I will test it out in some free time and will report back.
12-20-2010 02:59 AM
Hi,
Have you had a chance to confirm the problem? Is there a Cisco bug reference?
Thanks