Do Outgoing blocking rules on an interface apply to VPN tunnels?

Craddockc
Level 3

Dear community,

 

I know that when you have the "Bypass interface access lists for inbound VPN sessions" option enabled, this effectively turns on the sysopt connection permit-vpn option, which allows traffic on the Site to Site VPN to bypass the incoming firewall rules. However, does this option also apply to outgoing firewall rules on an interface? The reason I ask is because we implemented a few outgoing blocking rules on our outside interface and soon after we received reports of certain traffic not passing on the tunnel. The tunnel itself stays up, and there are no other ACLs applied to the tunnel group policy. When we disable the outgoing rule, the traffic returns to normal. This is an unexpected result. To your knowledge, are outgoing rules supposed to apply to VPN related traffic even with the sysopt connection permit-vpn option enabled?

 

Thank you. 
