Enable Sysopt Settings

The crypto map ACL bound to the outgoing interface either permits or denies IPsec packets through the VPN tunnel. IPsec authenticates and deciphers packets that arrive from an IPsec tunnel, and subjects them to evaluation against the ACL associated with the tunnel.

ACLs define which IP traffic to protect. For example, you can create ACLs to protect all IP traffic between two subnets or two hosts.

Procedure

Step 1

In the edit ASA system settings page, click Sysopt in the left pane.

Step 2

Uncheck the Retain existing values checkbox to configure the values for the shared ASA system settings policy.

Important

If the Retain existing values check box is selected, you can't configure the values as the fields are hidden. CDO uses the existing local values of the ASA device for this setting and doesn't inherit from the shared policy.

Step 3

Enable Allow VPN traffic to bypass interface access lists bypasses the ACL inspection.

Step 4

Click Save.