Cisco Support Community
Community Member

easyvpn broken in 8.3

I've been testing easyvpn on an ASA 5505 and noticed that when using 8.3 the easyvpn client doesn't work in the following configuration:

1) outside interface is a dhcp client

2) vpn is configured to tunnel-all

The problem is that the outside interface DHCP renewal packets are being tunnelled instead of forwarded onto the local LAN. I see the DHCP packets being denied at the other end of the tunnel.

In version 8.2 this didn't happen because the vpnclient automatically creates a rule to deny DHCP traffic on the VPN.

access-list _vpnc_acl extended deny udp host eq bootpc any eq bootps

In version 8.3 the firewall automatically creates a rule as well, but it screws it up:

access-list _vpnc_acl extended deny udp host eq bootpc eq bootps

Note that the IP Address is not an IP address at this site. As far as I can tell it is random and this one is registered to Comcast IP Services. Other IPs I've seen is and

I can't raise a TAC case for it but hopefully someone will one day.
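The check described in the post above, as an added example (not code from the original poster or from Cisco): a small Python audit that takes ACL lines in the form quoted in the post and confirms that a deny rule really exempts DHCP renewals from the outside interface's current address. The function names, the `any` / `host A` / `A MASK` address forms it accepts, and all addresses (documentation ranges) are assumptions, since the addresses in the post are missing.

```python
import ipaddress
import re

# Matches the DHCP-exemption rule form quoted in the post:
#   access-list <name> extended deny udp <src> eq bootpc <dst> eq bootps
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+deny\s+udp\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+eq\s+bootpc\s+"
    r"(?P<dst>any|host\s+\S+|\S+\s+\S+)\s+eq\s+bootps\s*$"
)

def to_network(spec):
    """Turn an address spec ('any', 'host A', 'A MASK') into an ip_network."""
    parts = spec.split()
    if parts == ["any"]:
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    return ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)

def dhcp_exemption_ok(acl_lines, outside_ip, dhcp_server):
    """Return (ok, findings). ok is True when at least one deny rule keeps
    renewals from outside_ip to dhcp_server out of the tunnel."""
    client = ipaddress.ip_address(outside_ip)
    server = ipaddress.ip_address(dhcp_server)
    ok, findings = False, []
    for line in acl_lines:
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # not a bootpc/bootps deny rule
        src, dst = to_network(m["src"]), to_network(m["dst"])
        if client in src and server in dst:
            ok = True
        else:
            findings.append(f"rule does not cover {client} -> {server}: {line.strip()}")
    return ok, findings

# Constructed sample lines; addresses are documentation ranges, not from the post.
GOOD = ["access-list _vpnc_acl extended deny udp host 192.0.2.10 eq bootpc any eq bootps"]
BAD = ["access-list _vpnc_acl extended deny udp host 198.51.100.77 eq bootpc any eq bootps"]

if __name__ == "__main__":
    for label, acl in (("expected form", GOOD), ("mismatched host", BAD)):
        print(label, dhcp_exemption_ok(acl, "192.0.2.10", "192.0.2.1"))
```

A result of `False` with a finding means the renewal traffic would match the tunnel-all policy instead of the exemption, which is the symptom reported in the post.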

Cisco Employee

Re: easyvpn broken in 8.3

Hello Dion,

Thanks for reporting it in. I will test it out in some free time and will report back.

Community Member

Re: easyvpn broken in 8.3


Have you had a chance to confirm the problem? Is there a Cisco bug reference?

