10-16-2020 05:28 AM
Hi
I have a small nuisance.
We run Firepower 2130 with ASA image, and have several group policies with IPv6, but for a small set of users we need to run IPv4 only.
So I set up a group policy for this, but see that the ASA distributes IPv6 addresses from DfltGrpPolicy. Reconfigured and added/removed IPv6 pool and even restarted the ASA. The ASA is picking the addresses from local pools for all group policies.
I get the right profile, the right IPv4 scope, I do not inherit pool from DefaultGrpPolicy.
group-policy vpn_test attributes
split-tunnel-all-dns disable
address-pools value employee
ipv6-address-pools none
webvpn
anyconnect profiles value LAB_AC_profile type user
* also tried with the standard employee profile*
anyconnect ask none default anyconnect
What am I missing here?
I haven't got this behavior on any of my other policies.
10-17-2020 10:50 AM
xxx/xx/xx# sh ver
Cisco Adaptive Security Appliance Software Version 9.12(3)
SSP Operating System Version 2.6(1.156)
Device Manager Version 7.12(2)
Compiled on Fri 22-Nov-19 14:47 PST by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.156.SPA"
Config file at boot was "startup-config"
vpn up 1 day 7 hours
Hardware: FPR-2130, 14822 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
10-19-2020 02:53 AM - edited 10-19-2020 02:53 AM
Tested now on two boxes... Same on both. This weirds me out. Either this is a clear TAC case or I'm seriously missing some noob thing here.