10-16-2020 05:28 AM
Hi
I have a small nuisance.
We run Firepower 2130 with ASA image, and have several group policies with IPv6, but for a small set of users we need to run IPv4 only.
So I set up a group policy for this, but see that the ASA distributes IPv6 addresses from DfltGrpPolicy. Reconfigured and added/removed IPv6 pool and even restarted the ASA. The ASA is picking the addresses from local pools for all group policies.
I get the right profile, the right IPv4 scope, I do not inherit pool from DefaultGrpPolicy.
group-policy vpn_test attributes
 split-tunnel-all-dns disable
 address-pools value employee
 ipv6-address-pools none
 webvpn
  anyconnect profiles value LAB_AC_profile type user
* also tried with the standard employee profile*
  anyconnect ask none default anyconnect
What am I missing here?
I haven't got this behavior on any of my other policies.
10-17-2020 10:50 AM
xxx/xx/xx# sh ver
Cisco Adaptive Security Appliance Software Version 9.12(3)
SSP Operating System Version 2.6(1.156)
Device Manager Version 7.12(2)
Compiled on Fri 22-Nov-19 14:47 PST by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.156.SPA"
Config file at boot was "startup-config"
vpn up 1 day 7 hours
Hardware: FPR-2130, 14822 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
10-19-2020 02:53 AM - edited 10-19-2020 02:53 AM
Tested now on two boxes... Same on both. This weirds me out. Either this is a clear TAC case or I'm seriously missing some noob thing here.