Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1482
Views
0
Helpful
0
Comments

Ipsec traffic does not flow through the 3015 VPN with software version 4.0 even after # sysopt connection permit-ipsec is configured

TCC_2
Level 10
Level 10

on ‎06-22-2009 06:08 PM

Core issue

Although sysopt connection permit-ipsec is in the configuration, traffic does not seem to flow between the site-to-site VPN unless the traffic between the subnet in the access list bound with the inside interface is allowed. If there is no access list on the inside interface it works fine. The sysopt command only bypasses the checking of the outside access list.

Resolution

Traffic won't flow through the VPN  unless it is permitted in the inside interface access list even if sysopt connection permit-ipsec is configured

Allow the tunnel traffic in the access list bound with the inside interface or remove the access-group access-list in interface inside command.

For additional information on how sysopt works with different versions of PIX Firewall code, refer to the relevant documentation for your PIX release:

Problem Type

Connectivity through the device

Troubleshoot software feature

Product Family

VPN - 3000 series concentrator

Firewall - PIX 500 series

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents