cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
589
Views
0
Helpful
2
Replies

ASA picking from IPv6-pool on non IPv6 enabled Group Policy

erik.hammervold
Level 1
Level 1

Hi

 

I have a small nuisance.

We run Firepower 2130 with ASA image, and have several group policies with IPv6, but for a small set of users we need to run IPv4 only.

 

So I set up a group policy for this, but see that the ASA distributes IPv6 adresses from DfltGrpPolicy. Reconfigured and added/removed IPv6 pool and even restarted the ASA. The ASA is picking the adresses from local pools for all group policies.

 

I get the right profile, the right IPv4 scope, I do not inherit pool from DefaultGrpPolicy.

 

group-policy vpn_test attributes
split-tunnel-all-dns disable
address-pools value employee
ipv6-address-pools none
webvpn
anyconnect profiles value LAB_AC_profile type user

    * also tried with the standard employee profile*
anyconnect ask none default anyconnect

 

What am I missing here?

I haven't got this behavior on any of my other policies.



Erik
2 Replies 2

erik.hammervold
Level 1
Level 1

xxx/xx/xx# sh ver

Cisco Adaptive Security Appliance Software Version 9.12(3)
SSP Operating System Version 2.6(1.156)
Device Manager Version 7.12(2)

Compiled on Fri 22-Nov-19 14:47 PST by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.156.SPA"
Config file at boot was "startup-config"

vpn up 1 day 7 hours

Hardware: FPR-2130, 14822 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)



Erik

Tested now on two boxes... Same on both. this weirds me out. Either this i a clear TAC case or I'm seriously missing some noob thing here.



Erik
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: