Do Outgoing blocking rules on an interface apply to VPN tunnels?
I know that when you have the "Bypass interface access lists for inbound VPN sessions" option enabled, this effectively turns on the sysopt connection permit-vpn option, which allows traffic on the Site to Site VPN to bypass the incoming firewall rules. However, does this option also apply to outgoing firewall rules on an interface? The reason I ask is because we implemented a few outgoing blocking rules on our outside interface and soon after we received reports of certain traffic not passing on the tunnel. The tunnel itself stays up, and there are no other ACLs applied to the tunnel group policy. When we disable the outgoing rule, the traffic returns to normal. This is an unexpected result. To your knowledge, are outgoing rules supposed to apply to VPN related traffic even with the sysopt connection permit-vpn option enabled?