cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
0
Replies
Highlighted
Participant

Do Outgoing blocking rules on an interface apply to VPN tunnels?

Dear community,

 

I know that when you have the "Bypass interface access lists for inbound VPN sessions" option enabled this effectively turns on the sysopt connection permit-vpn option which allows traffic on the Site to Site VPN to bypass the incoming firewall rules. However, does this option also apply to outgoing firewall ruleson an interface? The reason I ask is because we implemented a few outgoing blocking rules on our outside interface and soon after we receives reports of certain traffic not passing on the tunnel. The tunnel itself stays up, and there are no other ACL's applied to the tunnel group policy. When we disable the outoing rule, the traffic returns to normal. This is an unexpected result. To your knowledge, are outgoing rules supposed to apply to VPN related traffic even with the sysopt connection permit-vpn option enabled?

 

Thank you. 

Everyone's tags (1)