ASA bypass ACL issue

Stephen Carter
Level 1

I have a Cisco ASA 5520, running 8.2(5)26.

[screenshot: June 11, 2013 13.44 Shot 002.gif]

When configuring some VPN site-to-site links, the above check box has become, of its own nature, unticked, and as there are no ACLs configured, all of the VPN traffic is dropped.

What I need to know is:

1. Is this a known issue? And if so, is there a bug ID?

2. What version of software fixes it?

Thanks in advance.

2 Replies

guibarati
Level 4

This is a global option. If you disable it for one VPN, you disable it for all of them.

To re-enable use the command:

sysopt connection permit-vpn

Jouni Forss
VIP Alumni

Hi,

Never heard of a bug that would explain this, but that doesn't really mean anything.

What I seem to recall is that if you use ASDM to configure new L2L VPNs with the Wizard, you might end up changing this setting during the configuration.

And as this is a global setting applying to ALL VPN traffic, if you mess up the configuration once, then it applies to all traffic.

The CLI format command is

sysopt connection permit-vpn

Which is the default setting on the ASA firewall, and it doesn't show in the CLI configuration. If this is disabled, then you will see

no sysopt connection permit-vpn

in the CLI configuration.

Maybe an ASDM VPN Wizard configuration has caused this global configuration to become disabled?

- Jouni
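Because the default is invisible in the running config and only the negated form is printed, the setting is easy to miss in a review. The following is an added example (not from this thread, and not Cisco's own tooling): a small Python audit over saved `show running-config` text that reports whether the global ACL bypass has been switched off and, if so, whether each interface carrying a crypto map has an inbound `access-group` bound to it. The config excerpts are constructed for the example; the script goes slightly beyond the single box in the question by checking every VPN-terminating interface it finds, and it only looks at `no sysopt connection permit-vpn`, `access-group ... in interface ...` and `crypto map ... interface ...` lines.

```python
import re

# Constructed ASA running-config excerpts (not taken from the thread). The ASA
# omits 'sysopt connection permit-vpn' from the running config when it is at
# its default; only the negated 'no ...' form is ever printed.
CONFIG_DEFAULT = """\
hostname asa-lab
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
crypto map outside_map interface outside
"""

# Same box after the global bypass was switched off, with no inbound ACL on
# the VPN-terminating interface: the situation described in the question.
CONFIG_DISABLED_NO_ACL = CONFIG_DEFAULT + "no sysopt connection permit-vpn\n"

# Switched off, but with an inbound ACL bound to the outside interface, so the
# decrypted VPN traffic is at least evaluated against an explicit policy.
CONFIG_DISABLED_WITH_ACL = CONFIG_DISABLED_NO_ACL + (
    "access-list outside_in extended permit ip 10.1.0.0 255.255.0.0 "
    "10.2.0.0 255.255.0.0\n"
    "access-group outside_in in interface outside\n"
)

ACCESS_GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")
CRYPTO_MAP_RE = re.compile(r"^crypto map\s+\S+\s+interface\s+(\S+)\s*$")


def permit_vpn_enabled(config: str) -> bool:
    """True unless the config explicitly carries 'no sysopt connection permit-vpn'."""
    return not any(
        line.strip() == "no sysopt connection permit-vpn"
        for line in config.splitlines()
    )


def inbound_acls(config: str) -> dict:
    """Map interface nameif -> ACL name applied in the inbound direction."""
    acls = {}
    for line in config.splitlines():
        m = ACCESS_GROUP_RE.match(line.strip())
        if m:
            acls[m.group(2)] = m.group(1)
    return acls


def vpn_interfaces(config: str) -> set:
    """Interfaces with a crypto map bound, i.e. those that terminate IPsec tunnels."""
    found = set()
    for line in config.splitlines():
        m = CRYPTO_MAP_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def audit(config: str) -> list:
    """Return findings about the ACL-bypass setting and what it means per interface."""
    if permit_vpn_enabled(config):
        return ["OK: sysopt connection permit-vpn is at its default (enabled); "
                "decrypted VPN traffic bypasses interface ACLs"]
    findings = ["WARN: 'no sysopt connection permit-vpn' is present; decrypted VPN "
                "traffic on every tunnel is now subject to interface ACLs"]
    acls = inbound_acls(config)
    for ifname in sorted(vpn_interfaces(config)):
        if ifname in acls:
            findings.append(f"INFO: {ifname}: inbound ACL '{acls[ifname]}' must "
                            f"permit the VPN traffic or it is dropped")
        else:
            findings.append(f"FAIL: {ifname} terminates VPNs but has no inbound "
                            f"access-group, so VPN traffic hits the implicit deny")
    return findings


if __name__ == "__main__":
    for name, cfg in [("default", CONFIG_DEFAULT),
                      ("disabled, no ACL", CONFIG_DISABLED_NO_ACL),
                      ("disabled, with ACL", CONFIG_DISABLED_WITH_ACL)]:
        print(f"== {name} ==")
        for finding in audit(cfg):
            print(" ", finding)
```

Run it against a saved copy of `show running-config` (read the file into a string and pass it to `audit`). A WARN on its own is not necessarily wrong, since some sites deliberately filter VPN traffic with interface ACLs, but a WARN followed by a FAIL reproduces exactly the symptom in the question: the global bypass is off and nothing permits the decrypted traffic.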
