06-11-2013 07:13 AM
I have a Cisco ASA 5520, running 8.2(5)26.
When configuring some VPN site-to-site links, the above check box has become, of its own nature, unticked, and as there are no ACLs configured, all of the VPN traffic is dropped.
What I need to know is:
1. Is this a known issue?
and if so, is there a bug ID?
2. What version of software fixes it?
Thanks in advance.
06-11-2013 07:15 AM
This is a global option. If you disable it for one VPN, you disable it for all of them.
To re-enable use the command:
sysopt connection permit-vpn
06-11-2013 07:17 AM
Hi,
Never heard of a bug that would explain this, but that doesn't really mean anything.
What I seem to recall is that if you use ASDM to configure new L2L VPNs with the Wizard, you might end up changing this setting during the configuration.
And as this is a global setting applying to ALL VPN traffic, if you mess up the configuration once then it applies to all traffic.
The CLI format command is
sysopt connection permit-vpn
Which is the default setting on the ASA firewall, and it doesn't show in the CLI configuration. If this is disabled then you will see the
no sysopt connection permit-vpn
in the CLI configuration.
Maybe an ASDM VPN Wizard configuration has caused this global configuration to become disabled?
- Jouni
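An added example, not part of any post in this thread: a Python check over a saved running-config that applies the rule described above (the enabled default is not printed, only the "no" form is) and flags crypto-map interfaces that have no inbound ACL. The sample config, the function name audit_permit_vpn and the ACL and crypto map names are constructed for illustration, and the check assumes decrypted tunnel traffic is evaluated against the inbound ACL of the interface the crypto map is bound to.

```python
import re

# Constructed sample of a saved running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
access-list INSIDE_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside
no sysopt connection permit-vpn
crypto map OUTSIDE_MAP 10 match address L2L_SITE_A
crypto map OUTSIDE_MAP interface outside
"""


def audit_permit_vpn(config_text):
    """Report the permit-vpn state and which VPN interfaces lack an inbound ACL."""
    lines = [line.strip() for line in config_text.splitlines()]
    # The enabled default is not printed; only the "no" form appears in the config.
    bypass_enabled = "no sysopt connection permit-vpn" not in lines
    inbound_acl = {}        # interface name -> ACL applied inbound
    vpn_interfaces = set()  # interfaces that have a crypto map bound
    for line in lines:
        m = re.match(r"access-group (\S+) in interface (\S+)", line)
        if m:
            inbound_acl[m.group(2)] = m.group(1)
        m = re.fullmatch(r"crypto map \S+ interface (\S+)", line)
        if m:
            vpn_interfaces.add(m.group(1))
    unfiltered = sorted(i for i in vpn_interfaces if i not in inbound_acl)
    return {
        "bypass_enabled": bypass_enabled,
        "vpn_interfaces": sorted(vpn_interfaces),
        "vpn_interfaces_without_acl": unfiltered,
        # Assumption: bypass off and no inbound ACL means tunnel traffic is dropped.
        "at_risk": (not bypass_enabled) and bool(unfiltered),
    }


if __name__ == "__main__":
    for key, value in audit_permit_vpn(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

An interface that does have an inbound ACL is not reported, so the ACL contents still need a manual review to confirm the tunnel networks are permitted.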