09-29-2021 04:49 PM
This is the first time configuring a VPN L2L between an FPR2110 running ASA software and another real ASA.
We found that the outside access list was denying the tunneled traffic.
We needed to add permit ip 172.16.0.0 255.255.0.0 any to the ACL in order for communication to work.
Cisco Adaptive Security Appliance Software Version 9.10(1) <context>
Firepower Extensible Operating System Version 2.4(1.103)
I can't imagine that this is working as designed.
Thanks for any insight.
09-30-2021 12:28 AM
To permit any packets that come from an IPsec tunnel without checking ACLs for the source and destination interfaces, enter the sysopt connection permit-vpn command in global configuration mode.
09-30-2021 05:30 AM
Thank you. It would appear someone configured the no form of that command.
act# show run | inc sysopt
no sysopt connection permit-vpn
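The two findings in this thread (the tunnel traffic was subject to the outside interface ACL, and the cause was an explicit "no sysopt connection permit-vpn") lend themselves to a small config audit. The Python below is an added example, not something posted in the thread or shipped by Cisco: it reads a running-config, works out the effective sysopt state, finds the ACL applied inbound on the outside interface, and evaluates whether a given tunnelled source/destination pair would be permitted by that ACL. The config text, the ACL name outside_in, the 203.0.113.10 host and the 10.0.0.0/8 inside network are all constructed for the example; only the 172.16.0.0/16 permit and the hostname come from the thread. It relies on the fact that the enabled (default) form of sysopt connection permit-vpn is omitted from "show running-config" and only the "no" form appears, so the audit treats absence as enabled.

```python
"""Audit an ASA running-config for the effect of 'sysopt connection permit-vpn'.

Added example for illustration; not Cisco's code and not from the forum thread.
SAMPLE_CONFIG is a constructed running-config fragment.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

SAMPLE_CONFIG = """\
hostname act
interface Ethernet1/1
 nameif outside
 security-level 0
access-list outside_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
no sysopt connection permit-vpn
"""


def vpn_bypasses_acl(config: str) -> bool:
    """Effective state of 'sysopt connection permit-vpn'.

    The feature is on by default and the enabled form is not printed by
    'show running-config' (only 'show running-config all' shows it), so the
    only reliable indicator of a change is the explicit 'no' form.
    """
    state = True
    for line in config.splitlines():
        line = line.strip()
        if line == "no sysopt connection permit-vpn":
            state = False
        elif line == "sysopt connection permit-vpn":
            state = True
    return state


def inbound_acl_for(config: str, nameif: str) -> Optional[str]:
    """Name of the ACL applied with 'access-group NAME in interface NAMEIF'."""
    pat = re.compile(r"^access-group (\S+) in interface (\S+)$")
    for line in config.splitlines():
        m = pat.match(line.strip())
        if m and m.group(2) == nameif:
            return m.group(1)
    return None


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse one ASA address operand: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}"), i + 2


def acl_permits(config: str, acl_name: str, src: str, dst: str) -> bool:
    """First-match evaluation of extended ACEs for all IP traffic src -> dst.

    Only 'ip' ACEs can decide the answer. A protocol-specific deny that covers
    the pair is treated as blocking (some of the traffic would be dropped); a
    protocol-specific permit is skipped because it covers only part of the
    traffic, and the remainder falls through to later entries. Port operators
    are therefore never consulted. Every ASA ACL ends in an implicit deny.
    """
    want_src, want_dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for line in config.splitlines():
        tokens = line.strip().split()
        if len(tokens) < 6 or tokens[:3] != ["access-list", acl_name, "extended"]:
            continue
        action, proto = tokens[3], tokens[4]
        try:
            ace_src, i = _parse_addr(tokens, 5)
            ace_dst, _ = _parse_addr(tokens, i)
        except (IndexError, ValueError):
            continue  # malformed or unsupported operand form
        if not (want_src.subnet_of(ace_src) and want_dst.subnet_of(ace_dst)):
            continue
        if proto == "ip":
            return action == "permit"
        if action == "deny":
            return False
    return False  # implicit deny


def audit(config: str, nameif: str, src: str, dst: str) -> str:
    """Verdict for tunnelled traffic arriving on NAMEIF from src to dst."""
    if vpn_bypasses_acl(config):
        return "vpn-bypass"  # IPsec-decapsulated traffic skips interface ACLs
    acl = inbound_acl_for(config, nameif)
    if acl is None:
        return "no-acl"  # interface security-level rules apply instead
    return "acl-permits" if acl_permits(config, acl, src, dst) else "acl-blocks"


if __name__ == "__main__":
    for remote in ("172.16.0.0/16", "192.168.50.0/24"):
        print(remote, "->", audit(SAMPLE_CONFIG, "outside", remote, "10.0.0.0/8"))
```

Run against the constructed config, the 172.16.0.0/16 remote network reports "acl-permits" only because of the explicit ACE the original poster added, while a second tunnel network such as 192.168.50.0/24 reports "acl-blocks"; removing the "no sysopt" line flips both to "vpn-bypass", which is the default behaviour the accepted answer describes.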