Solved: IPN Not Passing Traffic

AJ Cruz · ‎02-08-2013

I deployed an IPN to do posture assessments on VPN users. Right now I have no posture checks enabled and I have authorization happening with a "permit all" DACL, but I cannot pass traffic (no ping from VPN client to an internal resource).

For the heck of it I put a subnet filter for my VPN pool on the IPN and then I get ping, so that makes me think routing is all good, must be the IPN right?

Any ideas?

Thanks!

Tarik Admani · ‎02-09-2013

From the ipn can you issue a "show pep session table"? You should see the client ip address. If jot check the tunnel group to see if the accounting server group and the authentication server group points to the ipn node. Also make sure you are hitting the inline node authorization profile.

Sent from Cisco Technical Support Android App

View solution in original post

Tarik Admani · ‎02-09-2013

From the ipn can you issue a "show pep session table"? You should see the client ip address. If jot check the tunnel group to see if the accounting server group and the authentication server group points to the ipn node. Also make sure you are hitting the inline node authorization profile.

Sent from Cisco Technical Support Android App

AJ Cruz · ‎02-10-2013

That was it, the accounting command was missing on the firewall. Thanks.