Re: Firewall Config Issue on 871 with SSL VPN

mhdacegan · ‎08-06-2009

Does anyone have a working firewall config for an 871 router with SSL VPN that allows remote VPN users connecting with the SSL full tunnel svc to access everything on the office lan while also allowing local users full access to the internet. So far I have been unable to make this work. Using the firewall wizard in SDM breaks both the access through the SSL tunnel and blocks users on the local network from accessing the Internet. I also tried a sample firewall config I had found but that did not work either. I really need to get this locked down. I followed a previous suggestion to add virtual template support and re-enable the zone-based firewall but it still broke access in both directions even though the wizard recognizes the SSL firewall and adds exceptions. I don't understand why this is so difficult to set up. I really need to finish this project and any suggestions would be welcome. Attached is current config that works with no firewall enabled. I have the latest IOS and Anyconnect client from June. Thanks.

sziaulla · ‎08-07-2009

here is the complete config guide via SDM.

http://www.cisco.com/en/US/partner/products/ps6496/products_configuration_example09186a0080720346.shtml

i hope this will help.

thanks

-SYed

mhdacegan · ‎08-07-2009

Thanks for the reply but I can't access that link. Can you repost or attach the file? Thanks.

sziaulla · ‎08-07-2009

here is the pdf.

mhdacegan · ‎08-07-2009

I got it that time...thanks. I used this document as reference when constructing the VPN, which works fine. It's when attempting to enable the firewall on the router that everything stops working. The config example at the end of the doc looks like mine with no firewall configured which works. I'm looking for a config example that has either the CBAC or zone-based firewall enabled where the VPN still works since the SDM firewall wizard seems to completely break it. Thanks.