Cisco Support Community
New Member

Zone Based Firewall and DMVPN

Hi,

I have a question with regard to the IOS ZFW. I have a 3-node network whose nodes are all communicating via VPN, 1 HQ and two branches. I configured the ZFW on the HQ router. I have used the CCP to configure the ZFW and have configured it manually from the CLI. What I notice is there is no policy to permit VPN. However, the VPNs and EIGRP adjacencies stay up. I have not had to specifically permit the VPN traffic, ISAKMP etc.

I have experimented with the DMVPN tunnel assigned to the inside and with it not assigned to any zone, and the tunnel stays up to the branches.

Not sure if anyone else has come across this? It's as though the ZFW knows to permit this traffic; however, there is no policy defined, at least from what I see in the config.

Andy

2 REPLIES
Cisco Employee

Re: Zone Based Firewall and DMVPN

The ZBFW will only affect new connections, not existing connections. Hence why the VPN tunnel stays up.

New Member

Re: Zone Based Firewall and DMVPN

Hi Halijenn,

I will try to reboot the HQ and/or take the VPN down manually and try to re-establish the connection through the firewall and see what happens.

Thanks

Andy
