I noticed that the HIT COUNTS of all OUTSIDE rules are empty. I enabled LOGGING but I can't even see the traffic coming from Outside to Inside.
Outside > IPSEC Tunnel > Inside
Any ideas why?
The issue was the Bypass Access Control policy for decrypted traffic (sysopt permit-vpn).
It's disabled by default on the Cisco FDM, but enabled by default on the Cisco FMC.
Has the VPN been established? Run the command "show crypto ipsec sa" from the CLI of the FTD and check the encaps and decaps counters are increasing.
If the counters are not increasing, do you have a NAT exemption rule that ensures traffic destined over the VPN is not unintentionally translated?
Please provide a screenshot of your Access Control policies related to the VPN access.
The VPN is established and working fine. The only issue is that I can't see any hits from Outside to Inside. I can't even see the VPN traffic from Outside to Inside.
I have NAT from INSIDE to OUTSIDE on both ends.