https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866684#M1102260 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1543072">@mnowicky</a> you probably need a NAT exemption rule to ensure traffic between the inside networks and the RAVPN pool network is not unintentially translated.</P> <P>Example if using FDM to locally manage the FTD:-</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RobIngram_0-1688401004770.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/189349i5340FCDEF6186A94/image-size/medium?v=v2&amp;px=400" role="button" title="RobIngram_0-1688401004770.png" alt="RobIngram_0-1688401004770.png" /></span></P> <P>I assume the core switch default route is via the 1120 firewall, so no routing issues?</P> Mon, 03 Jul 2023 16:18:58 GMT Rob Ingram 2023-07-03T16:18:58Z https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866681#M1102259 <P>Have an issue with firepower 1120 not passing traffic from ssl vpn to the internal networks. The anyconnect client is able to connect, and provides an IP in the correct pool, however will not route traffic between vpn and internal networks.</P><P>The odd thing is that the default gateway assigned to vpn clients is not correct. The correct gateway is 172.30.100.254, while the assigned gateway and subnet mask are wrong, as follows:</P><P>subnet: 255.255.0.0<BR />Gateway: 172.30.0.1</P><P>I read that it is correct for the subnet mask to be like that, however something definitely seems wrong. The Firepower appliance is able to ping both the connected client, and hosts in the internal network, but will not pass traffic.</P><P>&nbsp;</P> Mon, 03 Jul 2023 16:10:38 GMT https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866681#M1102259 mnowicky 2023-07-03T16:10:38Z https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866684#M1102260 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1543072">@mnowicky</a> you probably need a NAT exemption rule to ensure traffic between the inside networks and the RAVPN pool network is not unintentially translated.</P> <P>Example if using FDM to locally manage the FTD:-</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RobIngram_0-1688401004770.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/189349i5340FCDEF6186A94/image-size/medium?v=v2&amp;px=400" role="button" title="RobIngram_0-1688401004770.png" alt="RobIngram_0-1688401004770.png" /></span></P> <P>I assume the core switch default route is via the 1120 firewall, so no routing issues?</P> Mon, 03 Jul 2023 16:18:58 GMT https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866684#M1102260 Rob Ingram 2023-07-03T16:18:58Z https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866700#M1102263 <P>That was it, thank you so much!</P> Mon, 03 Jul 2023 16:45:47 GMT https://community.cisco.com/t5/network-security/firepower-1120-not-passing-traffic-through-ssl-vpn/m-p/4866700#M1102263 mnowicky 2023-07-03T16:45:47Z