Thursday, October 8, 2020

Cisco ASA suddenly starts dropping AnyConnect VPN traffic

Hi

I'm not very good with ASAs. We have one that suddenly started to drop all AnyConnect VPN traffic (the command "capture pro2 type asp-drop all circular-buffer" showed all the traffic that has been dropped).

In order to let the traffic flow again, we had to remove the "sysopt connection permit-vpn" and create an ACL to permit traffic from the VPN IP pool to any, and then we had to NAT all the traffic from the outside interface behind the destination interface. Without this NAT after implementing the ACL, no packet was found with a capture, not even dropped.

Does anyone have any idea of what's happening?


