Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
2
Replies

Unable to create Anyconnect IPv6 tunnel

Philip Brown
Level 1
Level 1

‎01-09-2018 12:33 AM - edited ‎03-12-2019 04:53 AM

Hi,

                I am having problems getting Anyconnect to work with IPv6.

As can be seen below from the live log entries, the session attempts are being discarded due to an ACL even though the ‘Bypass interface access lists for inbound VPN sessions’ is enabled.

 Live log ACL.png

The ASA’s are 5545’s, the OS version is 9.6(3).1 and the Anyconnect client involved is version 4.4.0234, an IPv6 pool has not been configured.

Any ideas

Labels:
0 Helpful
2 Replies 2

Bogdan Nita
VIP Alumni
VIP Alumni

‎01-09-2018 01:59 AM

The  ‘Bypass interface access lists for inbound VPN sessions’ would apply to the decrypted traffic, inside the tunnel.

From the logs it seems the ASA is dropping the encrypted traffic coming in on the outside interface.

Did you enable anyconnect on the outside interface?

webvpn

 enable OUTSIDE
 anyconnect enable

0 Helpful

Philip Brown
Level 1
Level 1
In response to Bogdan Nita

‎01-09-2018 02:03 AM

Hi Bogdan,
Anyconnect is, and has been working for years, enabled on the Outside Interface.
Phil

0 Helpful
Customers Also Viewed These Support Documents