Stephen Carter
Beginner

ASA bypass ACL issue

I have a Cisco ASA 5520, running 8.2(5)26.

June 11, 2013 13.44 Shot 002.gif

When configuring some VPN site-to-site links, the above check box has become, of its own nature, unticked, and as there are no ACLs configured, all of the VPN traffic is dropped.

What I need to know is :-

1. Is this a known issue ?

and if so, is there a bug id ?

2. What version of software fixes it ?

Thanks in advance.

2 REPLIES
guibarati
Enthusiast

This is a global option. If you disable it for one VPN, you disable it for all of them.

To re-enable use the command:

sysopt connection permit-vpn

Jouni Forss
Mentor

Hi,

Never heard of a bug that would explain this, but that doesn't really mean anything.

What I seem to recall is that if you use ASDM to configure new L2L VPNs with the Wizard, you might end up changing this setting during the configuration.

And as this is a global setting applying to ALL VPN traffic if you mess up the configuration once then it applies to all traffic.

The CLI format command is

sysopt connection permit-vpn

Which is the default setting on the ASA firewall and it doesn't show on the CLI configuration. If this is disabled then you will see the

no sysopt connection permit-vpn

In the CLI configuration

Maybe an ASDM VPN Wizard configuration has caused this global configuration to become disabled?

- Jouni
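
An added example, not part of any reply above: a Python check over a saved running-config that reports whether the VPN ACL bypass is disabled and, if so, which VPN-terminating interfaces have no inbound access-group (the situation described in the question). The config fragments and the interface, ACL and crypto map names are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
SAMPLE_DISABLED = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
no sysopt connection permit-vpn
crypto map OUTSIDE_MAP 10 match address L2L_SITE_A
crypto map OUTSIDE_MAP interface outside
"""

SAMPLE_DEFAULT = """\
access-list OUTSIDE_IN extended permit icmp any any
access-group OUTSIDE_IN in interface outside
crypto map OUTSIDE_MAP interface outside
"""


def audit_vpn_bypass(config: str) -> dict:
    """Report the global VPN bypass state and interfaces left without an ACL."""
    lines = [ln.strip() for ln in config.splitlines()]
    # The default (enabled) is not written to the running-config, so only
    # the explicit "no" form tells us the bypass has been turned off.
    bypass_enabled = "no sysopt connection permit-vpn" not in lines
    vpn_ifaces, acl_ifaces = set(), set()
    for ln in lines:
        m = re.fullmatch(r"crypto map \S+ interface (\S+)", ln)
        if m:
            vpn_ifaces.add(m.group(1))
        # match() rather than fullmatch(): the line may carry trailing options.
        m = re.match(r"access-group \S+ in interface (\S+)", ln)
        if m:
            acl_ifaces.add(m.group(1))
    # With the bypass off, decrypted VPN traffic must pass the inbound ACL of
    # the terminating interface; no ACL bound there means nothing is permitted.
    no_acl = [] if bypass_enabled else sorted(vpn_ifaces - acl_ifaces)
    return {
        "bypass_enabled": bypass_enabled,
        "vpn_interfaces": sorted(vpn_ifaces),
        "no_inbound_acl": no_acl,
    }


if __name__ == "__main__":
    for name, cfg in (("disabled", SAMPLE_DISABLED), ("default", SAMPLE_DEFAULT)):
        print(name, audit_vpn_bypass(cfg))
```

An interface that does have an access-group bound is not reported, but with the bypass disabled that ACL still has to permit the tunnelled traffic explicitly.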
