4.1 - ASA

Wouldn't one need to also allow the network to talk to the network on the outside ASA ACL since we are not doing a sysopt for VPN traffic? I couldn't get the VPN to successfully pass traffic bi-directionally without updating the ACL to include said statement. Anyone else have this issue?



  • Hi Nick, I got this working on the first shot.
    On the ASA, sysopt connection permit vpn is enabled by default.

    So I guess you wouldn't need that ACL in there. First of all, the packets, after decrypting, are not going inside of the ASA; they're going to R3, right?

    So the packets decrypted on the outside are going out again, pointing to R3, out of the same interface.

    All you need is same-security-traffic permit intra-interface and it will work smoothly.

    It worked for me that way.

