Cisco WebVPN Acl?

I have been experimenting with the Cisco WebVPN, and it has me a bit confused. I am using reflexive access lists and whenever I make a web request over the WebVPN, the return traffic is denied. I'm not sure why. Here is an excerpt of my config file:

interface FastEthernet4 description Unprotected interface, facing towards Internet ip address dhcp ip access-group InternetIn in ip access-group InternetOut out no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations ip flow ingress ip multicast boundary 30 ip nat outside ip virtual-reassembly duplex auto speed auto

ip access-list extended InternetIn evaluate InternetOutPackets

ip access-list extended InternetOut permit tcp any any eq www reflect InternetOutPackets timeout 300 permit tcp any any eq 443 reflect InternetOutPackets timeout 300

If the full config log is required, let me know and I can sanitize it before posting. Anyhow, when I make a web request via the WebVPN portal, to say, I receive the following message:

*Jan 3 01:03:01.235 EST: %SEC-6-IPACCESSLOGP: list InternetIn denied tcp (FastEthernet4 001d.70af.aee2) -> 67.163.xx.xx(21481), 1 packet

I don't know why, but it appears as if any requests made via the WebVPN do not create the corresponding reflexive ACL.


Also, as an aside, will the WebVPN work on both Linux and Windows computers? As far as I can tell, it should, I just haven't been able to test this yet.



Reply to
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.