Cisco FMC - VPN traffic is not matching the rules - Eventviewer Empty

Hi Guys,

I noticed that the hit counts of all OUTSIDE rules are empty. I enabled logging, but I can't even see the traffic coming from Outside to Inside.

Outside > IPSEC Tunnel > Inside

Any ideas why?

Thanks

1 Accepted Solution

The issue was the "Bypass Access Control policy for decrypted traffic (sysopt permit-vpn)" setting.

It's disabled by default on Cisco FDM, but enabled by default on Cisco FMC.

3 Replies

@IvanAlvarenga25979

Has the VPN been established? Run the command "show crypto ipsec sa" from the CLI of the FTD and check that the encaps and decaps counters are increasing.

If the counters are not increasing, do you have a NAT exemption rule that ensures traffic destined over the VPN is not unintentionally translated?

Please provide a screenshot of your Access Control policies related to the VPN access.

Hi Rob,

The VPN is established and working fine. The only issue is that I can't see any hits from Outside to Inside. I can't even see the VPN traffic from Outside to Inside.

I have NAT from INSIDE to OUTSIDE on both ends.
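Putting Rob's counter check and the accepted solution together, the following is an added example (not code from this thread, from Cisco, or from either poster) that parses two samples of "show crypto ipsec sa", reports per peer whether the encaps/decaps counters moved between them, and reads the sysopt permit-vpn state to explain why a healthy tunnel can still show empty rule hit counts: when the bypass is on, decrypted VPN traffic skips the access control policy entirely, so it is neither matched, logged nor inspected by it. The two SA samples and the sysopt lines are constructed for the example; the sysopt check assumes the output of "show running-config all sysopt", which is taken to print the line either as "sysopt connection permit-vpn" or "no sysopt connection permit-vpn".

```python
import re
from typing import Dict, Tuple

# Constructed samples of "show crypto ipsec sa" taken a short time apart.
# Only the fields the parser reads are shown; the numbers are made up.
SNAPSHOT_T0 = """\
interface: outside
    Crypto map tag: CSM_outside_map, seq num: 1, local addr: 203.0.113.10

      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.20

      #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest: 1200
      #pkts decaps: 1150, #pkts decrypt: 1150, #pkts verify: 1150
"""

SNAPSHOT_T1 = """\
interface: outside
    Crypto map tag: CSM_outside_map, seq num: 1, local addr: 203.0.113.10

      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.20

      #pkts encaps: 1260, #pkts encrypt: 1260, #pkts digest: 1260
      #pkts decaps: 1210, #pkts decrypt: 1210, #pkts verify: 1210
"""

# Constructed "show running-config all sysopt" lines (assumption: the explicit
# state is printed, with a leading "no" when the bypass is disabled).
SYSOPT_BYPASS_ON = "sysopt connection permit-vpn\n"
SYSOPT_BYPASS_OFF = "no sysopt connection permit-vpn\n"

PEER_RE = re.compile(r"current_peer:\s*(\S+)")
ENCAPS_RE = re.compile(r"#pkts encaps:\s*(\d+)")
DECAPS_RE = re.compile(r"#pkts decaps:\s*(\d+)")


def parse_ipsec_sa(output: str) -> Dict[str, Tuple[int, int]]:
    """Return {peer: (encaps, decaps)} summed over every SA block per peer.

    Each block names its peer before its counters, so the next encaps/decaps
    pair seen is attributed to the most recent current_peer line.
    """
    sas: Dict[str, Tuple[int, int]] = {}
    peer = None
    encaps = decaps = None
    for line in output.splitlines():
        if m := PEER_RE.search(line):
            peer, encaps, decaps = m.group(1), None, None
        elif m := ENCAPS_RE.search(line):
            encaps = int(m.group(1))
        elif m := DECAPS_RE.search(line):
            decaps = int(m.group(1))
        if peer and encaps is not None and decaps is not None:
            prev = sas.get(peer, (0, 0))
            sas[peer] = (prev[0] + encaps, prev[1] + decaps)
            encaps = decaps = None
    return sas


def counter_deltas(before: str, after: str) -> Dict[str, Tuple[int, int]]:
    """Per-peer (encaps delta, decaps delta) between two samples."""
    b, a = parse_ipsec_sa(before), parse_ipsec_sa(after)
    return {p: (a[p][0] - b[p][0], a[p][1] - b[p][1]) for p in a if p in b}


def acp_bypassed(sysopt_output: str) -> bool:
    """True when decrypted VPN traffic bypasses the access control policy."""
    for line in sysopt_output.splitlines():
        if line.strip() == "sysopt connection permit-vpn":
            return True
        if line.strip() == "no sysopt connection permit-vpn":
            return False
    raise ValueError("sysopt connection permit-vpn state not found in output")


def diagnose(before: str, after: str, sysopt_output: str) -> Dict[str, str]:
    """Explain, per peer, why ACP hit counts for tunnel traffic may be empty."""
    bypass = acp_bypassed(sysopt_output)
    verdicts: Dict[str, str] = {}
    for peer, (d_enc, d_dec) in counter_deltas(before, after).items():
        if d_enc == 0 and d_dec == 0:
            verdicts[peer] = "no traffic on tunnel: check NAT exemption and interesting traffic"
        elif d_dec == 0:
            verdicts[peer] = "sending only: nothing arriving from the peer to hit inbound rules"
        elif bypass:
            verdicts[peer] = ("tunnel passing traffic but sysopt permit-vpn is on: "
                              "decrypted traffic skips the ACP, so no hits or events")
        else:
            verdicts[peer] = "tunnel passing traffic and ACP applies: check rule order and logging"
    return verdicts


if __name__ == "__main__":
    for peer, verdict in diagnose(SNAPSHOT_T0, SNAPSHOT_T1, SYSOPT_BYPASS_ON).items():
        print(f"{peer}: {verdict}")
```

Replace the constructed strings with two captures of "show crypto ipsec sa" taken a minute apart and the sysopt output from the same FTD. If the verdict reports the bypass as on, turning off "Bypass Access Control policy for decrypted traffic" and redeploying makes the decrypted tunnel traffic subject to the access control policy again, which is what you want whenever the rules on that traffic are meant to do more than count hits.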

