04-17-2024 08:38 AM
Hi
We have several policy-based VPNs. I have read in a Cisco document that sysopt permit-vpn is not supported with route-based VPN and that I will need to configure access control for this. That being said, does this affect our policy-based VPNs which have the "Bypass Access Control for decrypted traffic (sysopt permit-vpn)" box checked, or will they be OK?
Thanks
04-24-2024 03:46 AM
@benolyndav you can create a route-based VPN, just create explicit Access Control rules for traffic that is routed over that route-based VPN tunnel.
04-17-2024 08:41 AM
@benolyndav VPN traffic (policy- or route-based) on FTD needs to be explicitly permitted in the Access Control rules.
I would not want to bypass the ACP for VPN traffic; it is better to explicitly allow/deny the traffic.
04-24-2024 03:30 AM
Hi @Rob Ingram
Yes, I agree, but unfortunately that's the way the VPNs are configured, with the sysopt box checked. I have wondered why myself.
Cisco's documentation has this line below; does this mean I can't create route-based VPNs, as we have sysopt selected on our policy-based VPNs?
(Note: sysopt connection permit-vpn does not work with Route Based VPN tunnels. The Access Control Rules need to be configured for both IN-OUT zones and OUT-IN zones.)
Thanks
04-24-2024 04:07 AM
When you use sysopt permit-vpn, it affects traffic passing through the interface you enable IPsec on.
The route-based VPN uses a different interface and hence is not affected by sysopt (bypass).
MHM
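The check these replies describe (explicit Access Control rules in both zone directions for every route-based tunnel, while policy-based tunnels are only exempt when the sysopt bypass is enabled), as an added audit example that is not from the thread or from Cisco. The rule and tunnel data model, the zone names and the rule names are constructed assumptions for illustration, not the FMC API.

```python
# Added example, not from the thread: audit a constructed set of FTD Access
# Control rules to confirm that each route-based (VTI) tunnel has an explicit
# ALLOW rule for both IN-OUT and OUT-IN zone pairs, because sysopt permit-vpn
# only bypasses the ACP for policy-based tunnels. All names are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class AcpRule:
    name: str
    action: str            # "ALLOW" or "BLOCK"
    src_zones: frozenset   # security zones, or {"any"}
    dst_zones: frozenset


@dataclass(frozen=True)
class VpnTunnel:
    name: str
    kind: str              # "policy" or "route"
    vpn_zone: str          # outside zone (policy) or VTI zone (route-based)
    inside_zone: str       # zone of the protected network


def covered(rules, src, dst):
    """True if some ALLOW rule matches the src -> dst zone pair (or 'any')."""
    for r in rules:
        if r.action != "ALLOW":
            continue
        if (src in r.src_zones or "any" in r.src_zones) and \
           (dst in r.dst_zones or "any" in r.dst_zones):
            return True
    return False


def audit(tunnels, rules, sysopt_bypass):
    """Return (tunnel, direction) pairs that would be dropped by the ACP."""
    findings = []
    for t in tunnels:
        if t.kind == "policy" and sysopt_bypass:
            continue  # decrypted policy-based traffic skips the ACP entirely
        for label, src, dst in (("IN-OUT", t.inside_zone, t.vpn_zone),
                                ("OUT-IN", t.vpn_zone, t.inside_zone)):
            if not covered(rules, src, dst):
                findings.append((t.name, label))
    return findings


# Constructed sample: only the inside -> VTI direction has a rule.
RULES = [AcpRule("Allow-Inside-to-VTI", "ALLOW",
                 frozenset({"inside"}), frozenset({"vti-hq"}))]
TUNNELS = [VpnTunnel("hq-policy", "policy", "outside", "inside"),
           VpnTunnel("hq-route", "route", "vti-hq", "inside")]

if __name__ == "__main__":
    print(audit(TUNNELS, RULES, sysopt_bypass=True))   # [('hq-route', 'OUT-IN')]
```

With the bypass box checked, the policy-based tunnel produces no finding but the route-based one still needs its return-direction rule; with the box unchecked, both tunnels need rules in both directions.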