VPN users can't reach inside hosts after change to Zone Based Firewall
We recently upgraded our 2821 router to 12.4 T4 and changed the firewall scheme from ACLs to full Zone-Based Firewall. Good news is that the ZBF is working great. Bad news is our SSL VPN users can no longer connect to any host on the inside or in the (new) DMZ zone.
Posting a sanitized config, hopeful someone can help identify what is wrong with our configuration.
Thanks in advance for taking a look. Feel free to make recommendations on anything else you find as well...
Radius server configuration for 802.1X
! Define each RADIUS server by name
radius server test1
 address ipv4 10.1.1.1
radius server test2
 address ipv4 10.1.1.2
! Group the named servers for use in AAA method lists
aaa group server radius TEST-gr
 server name test1
 server name test2