cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
184
Views
0
Helpful
2
Replies
Highlighted

ASA picking from IPv6-pool on non IPv6 enabled Group Policy

Hi

 

I have a small nuisance.

We run Firepower 2130 with ASA image, and have several group policies with IPv6, but for a small set of users we need to run IPv4 only.

 

So I set up a group policy for this, but see that the ASA distributes IPv6 adresses from DfltGrpPolicy. Reconfigured and added/removed IPv6 pool and even restarted the ASA. The ASA is picking the adresses from local pools for all group policies.

 

I get the right profile, the right IPv4 scope, I do not inherit pool from DefaultGrpPolicy.

 

group-policy vpn_test attributes
split-tunnel-all-dns disable
address-pools value employee
ipv6-address-pools none
webvpn
anyconnect profiles value LAB_AC_profile type user

    * also tried with the standard employee profile*
anyconnect ask none default anyconnect

 

What am I missing here?

I haven't got this behavior on any of my other policies.



Erik
2 REPLIES 2
Highlighted

xxx/xx/xx# sh ver

Cisco Adaptive Security Appliance Software Version 9.12(3)
SSP Operating System Version 2.6(1.156)
Device Manager Version 7.12(2)

Compiled on Fri 22-Nov-19 14:47 PST by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.156.SPA"
Config file at boot was "startup-config"

vpn up 1 day 7 hours

Hardware: FPR-2130, 14822 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)



Erik
Highlighted

Tested now on two boxes... Same on both. this weirds me out. Either this i a clear TAC case or I'm seriously missing some noob thing here.



Erik
Content for Community-Ad