https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5072112#M1111377 <P>HI</P><P>We have several Policy based VPNs, I have read in a Cisco document that the sysopt permit-vpn is not supported with Route based VPN and I will need to configure access control for this, so that being said does this affect our policy based VPNs which have the Bypass access Control for Decrypted traffic (sysopt permit-vpn) box checked or will they be ok.?</P><P>Thanks</P> Wed, 17 Apr 2024 15:38:19 GMT benolyndav 2024-04-17T15:38:19Z https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5072112#M1111377 <P>HI</P><P>We have several Policy based VPNs, I have read in a Cisco document that the sysopt permit-vpn is not supported with Route based VPN and I will need to configure access control for this, so that being said does this affect our policy based VPNs which have the Bypass access Control for Decrypted traffic (sysopt permit-vpn) box checked or will they be ok.?</P><P>Thanks</P> Wed, 17 Apr 2024 15:38:19 GMT https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5072112#M1111377 benolyndav 2024-04-17T15:38:19Z https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5072119#M1111378 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> traffic VPNs (Policy or Routed based) on FTD need to be explictly permitted in the Access Control rules.</P> <P>I would not want to bypass the ACP for VPN traffic, it is better to explictly allow/deny the traffic.</P> Wed, 17 Apr 2024 15:41:23 GMT https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5072119#M1111378 Rob Ingram 2024-04-17T15:41:23Z https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077073#M1111565 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;<BR />Yes I agree but unfortunatley thats the way the VPNs are configured with the sysopt box checked I have wondered why myself.<BR />Cisco's documentation as this line below , dose this mean I cant create a route based VPNs as we have sysop selected on our policy based VPNs, .??<BR />(<STRONG><SPAN>Note:&nbsp;</SPAN></STRONG><SPAN>sysopt connection permit-vpn does not work with Route Based VPN tunnels. The Access Control Rules need to be configured for both IN-&nbsp; OUT zones and OUT -&nbsp; IN zones.)</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P><DIV class=""><P>&nbsp;</P></DIV> Wed, 24 Apr 2024 10:30:12 GMT https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077073#M1111565 benolyndav 2024-04-24T10:30:12Z https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077102#M1111566 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> you can create a route based VPN, just create explict Access Control rules for traffic that is routed over that route-based VPN tunnel.</P> Wed, 24 Apr 2024 10:46:26 GMT https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077102#M1111566 Rob Ingram 2024-04-24T10:46:26Z https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077116#M1111567 <P>When you use use sysopt permit vpn it effect traffic pass through interface you enable ipsec on it'</P> <P>The route-based vpn use different interface and hence not effect by sysopt (bypass).</P> <P>MHM</P> Wed, 24 Apr 2024 11:07:19 GMT https://community.cisco.com/t5/network-security/route-based-vpn-ftd/m-p/5077116#M1111567 MHM Cisco World 2024-04-24T11:07:19Z