08-13-2025 01:47 PM
Hello !
I'm trying to configure a VPN for remote access.
On the client side, I'm attempting to connect to the server using its IP address and port number, both of which are correct.
I can ping the public IP of the server.
However, the connection fails, and the client reports that the server is unreachable—even though the server is online.
The FTD syslog indicates that the packet destined for the VPN server is being dropped:
%FTD-7-710005: TCP request discarded from x.x.x.x/44194 to outside:y.y.y.y/zzzz
Is there a specific location or configuration where I need to manually create a rule to allow this connection?
Thank you
08-13-2025 01:53 PM
This log appears if traffic is dropped by the ACP.
So add an ACP rule:
Outside to inside
From the RAVPN pool IP to the server IP
And check again
MHM
08-15-2025 04:22 AM
I understand your point, thanks
That leads me to another question: I believe traffic from RFC 1918 address space should be blocked if it's coming from the internet gateway (i.e., via a public IP).
Can FTD distinguish whether this traffic is originating from a VPN client versus the internet gateway?
08-15-2025 04:29 AM
You are smart and totally correct.
RFC 1918 must not be allowed, but for AnyConnect there are two options to allow the traffic:
1- add an ACP rule
2- use the bypass option <<- this is more secure
08-15-2025 10:04 AM
Thank you, I'll try to learn how to use VPN Filter instead of ACL to control VPN traffic.
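For reference, here is what the two options from the reply above look like side by side in ASA CLI syntax, which FTD shares underneath (on an FMC-managed FTD the same settings are made in the RA VPN policy and the group policy object rather than typed in). This is an added example, not configuration from this thread; the pool 10.10.10.0/24, the server 192.168.1.10, port 443 and the object names are placeholders.

```cisco
! Added example, not from the thread. Pool, server, port and names are placeholders.
!
! Option 1 (an ACP/interface ACL rule): permit the RFC 1918 VPN pool inbound on
! outside. This keys only on addresses, so it cannot tell a decrypted VPN packet
! from a spoofed private-source packet arriving from the Internet gateway.
access-list OUTSIDE_IN extended permit ip 10.10.10.0 255.255.255.0 host 192.168.1.10
access-group OUTSIDE_IN in interface outside
!
! Option 2 (the "bypass option"): decrypted VPN traffic skips the interface ACL,
! so no rule permitting private source addresses on outside is needed. Spoofed
! RFC 1918 traffic from the Internet still hits the interface ACL and is dropped
! by its implicit deny, which answers the question of telling the two apart.
sysopt connection permit-vpn
!
! Since the interface ACL no longer sees tunnel traffic, scope what the tunnel may
! reach with a vpn-filter on the group policy. ACEs are written with the VPN
! client as the source; the ASA/FTD applies them to return traffic automatically.
access-list RAVPN_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list RAVPN_FILTER extended deny ip any any log
group-policy RAVPN_GP attributes
 vpn-filter value RAVPN_FILTER
```

The `deny ip any any log` line is optional (the filter already ends in an implicit deny) but makes rejected tunnel traffic visible in syslog while tuning the filter.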