Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
2
Replies

ISE | Inline VPN deployment Issue

Khaled El-Metwaly
Level 1
Level 1

‎03-24-2015 09:30 AM - edited ‎03-10-2019 10:34 PM

Hi,

I have ASA which I use for internet access and VPN gateway. I am trying to deploy ISE inline VPN node, but i found that the users traffic (from inside to internet) denied by the Inline node (users return traffic from untrusted port to trusted is blocked).... It is only permitted if i add the real IP subnet , i need to access , in the filter tab.

This is not practical because i can not exclude all internet addresses.

My questions are:

1) Is Inline VPN designed to be used only with dedicated VPN GWs?

2)Is there any workaround for this?

 

Thanks for any support.

Labels:
0 Helpful
2 Replies 2

khaled alodat
Level 1
Level 1

‎04-10-2015 05:19 AM

Upgrade the ASA to the 9.1 or earlier, the inline VPN is not required in the new code

0 Helpful

Charlie Moreton
Cisco Employee
Cisco Employee
In response to khaled alodat

‎04-10-2015 08:15 AM

The ASA code you need is 9.2.1 or later.  This allows the ASA to perform CoA, thus negating the need for the Inline Posture Node.

In which mode is the IPN working?  Bridged or Routed?

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

0 Helpful
Customers Also Viewed These Support Documents