03-14-2019 06:19 AM - edited 03-15-2019 04:27 AM
Trying to get the management tunnel feature working but it drops after certificate authentication because it complains there is an issue with the split tunnelling configuration, but I can't work out what's wrong with it. I've followed the Cisco docs, and created the ManagementTunnelAllAllowed attribute. I've enable Client Bypass Protocol, but what ever I set the Split Policy to I get the event logs below:
Function: CCustomAttributes::checkCustomAttributes
File: Xml\CustomAttributes.cpp
Line: 205
Found custom attribute ManagementTunnelAllAllowed=true/true
Function: CCvcConfig::validateMgmtTunParameters
File: vpnconfig.cpp
Line: 3647
Only IPv4 split-include or bypass-all configuration is supported for management tunnel
Function: CCvcConfig::setConfig
File: vpnconfig.cpp
Line: 1736
Invoked Functions: CCvcConfig::validateMgmtTunParameters
Return Code: -33095617 (0xFE07003F)
Description: CVCCONFIG_ERROR_INVALID_MGMT_TUN_CONFIG
I seem to get the same error if I configure Tunnel All, or Tunnel Network List. If I disable Client Bypass Protocol it complains about IPv6 which I'm not using.
Anyone any ideas? I'm obviously missing something here.
03-17-2019 03:57 PM
03-19-2019 02:13 AM
For anyone who happened to be struggling with this like me, I stumbled across another post in the community which has led me to get this working. Turns out, if on the client you have IPv6 on nontunnel interfaces disabled, then the management tunnel doesn't seem to build, no matter what split configuration you use. When IPv6 is enabled on the client, whether I'm using it or not, I can get the tunnel to build using split-include policy and Client Bypass Protocol. However the Cisco docs also state the tunnel should build when the custom tunnel all attribute is configured and policy is tunnel all, but I still can't get it to work in this configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide