

RRAS: The Site-to-Site VPN interface's traffic filters should not be blocking BGP traffic

 

Applies To: Windows Server 2012 R2

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Remote Access Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2012 R2

Product/Feature

Remote Access

Severity

Warning

Category

Configuration

Issue

Traffic filters that are configured for the Site-to-Site VPN interface are blocking Border Gateway Protocol (BGP) traffic.

Impact

BGP routing will not work.

Resolution

Reset the Site-to-Site VPN interface’s traffic filters to unblock BGP traffic.

Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

To reset the Site-to-Site VPN interface’s traffic filters to unblock BGP traffic

  1. Run Windows PowerShell with Administrative privileges.

  2. Reset the Site-to-Site VPN interface’s traffic filters by using one of the following Windows PowerShell commands.

    • By using this command, you can specify a list of interface filters to reset.

      Add-RemoteAccessIPFilter -InterfaceAlias <Interface Name> -AddressFamily <IPv4 / IPv6> -Direction <Inbound / Outbound> -Action <Allow / Deny> -List <List of filters to be applied in the format SourceIP/mask:DestinationIP/Mask:Protocol:ProtocolData1:ProtocolData2:>
      
    • By using this command, all filters for the interface are reset.

      Set-RemoteAccessIPFilter -InterfaceAlias <Interface Name> -AddressFamily <IPv4 / IPv6> -Direction <Inbound / Outbound> -Action <Allow / Deny>
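
The following is an added example, not part of the original topic: it builds `-List` entries for a BGP peer in the filter format shown above and prints the resulting `Add-RemoteAccessIPFilter` command for review before anything is changed. The interface name, the addresses, the `New-BgpFilterList` helper, the use of `any` as a wildcard, and the reading of ProtocolData1/ProtocolData2 as TCP source/destination port are assumptions.

```powershell
# Added example. Filter format from the topic:
#   SourceIP/Mask:DestinationIP/Mask:Protocol:ProtocolData1:ProtocolData2
# Assumptions: for TCP, ProtocolData1 = source port and ProtocolData2 =
# destination port, and "any" is accepted as a wildcard value.
function New-BgpFilterList {   # hypothetical helper, not a RemoteAccess cmdlet
    param(
        [Parameter(Mandatory)][string]$LocalIP,
        [Parameter(Mandatory)][string]$PeerIP,
        [ValidateSet('Inbound','Outbound')][string]$Direction = 'Inbound',
        [int]$PrefixLength = 32
    )
    $bgpPort = 179   # BGP runs over TCP port 179
    if ($Direction -eq 'Inbound') { $src = $PeerIP;  $dst = $LocalIP }
    else                          { $src = $LocalIP; $dst = $PeerIP }
    # Either router may open the session, so port 179 can appear as the
    # destination port (peer-initiated) or the source port (reply traffic).
    @(
        "$src/${PrefixLength}:$dst/${PrefixLength}:TCP:any:$bgpPort",
        "$src/${PrefixLength}:$dst/${PrefixLength}:TCP:${bgpPort}:any"
    )
}

$alias  = 'S2S-Branch'   # constructed interface name
$action = 'Allow'        # Allow or Deny, per the syntax above; set for your interface
$apply  = $false         # set to $true only after reviewing the printed commands

foreach ($dir in 'Inbound','Outbound') {
    $list = New-BgpFilterList -LocalIP '10.0.0.1' -PeerIP '10.1.0.1' -Direction $dir
    $params = @{
        InterfaceAlias = $alias
        AddressFamily  = 'IPv4'
        Direction      = $dir
        Action         = $action
        List           = $list
    }
    # Print the exact command so it can be checked against the change record.
    $quoted = ($list | ForEach-Object { "'$_'" }) -join ','
    "Add-RemoteAccessIPFilter -InterfaceAlias '$alias' -AddressFamily IPv4 " +
        "-Direction $dir -Action $action -List $quoted"
    if ($apply) { Add-RemoteAccessIPFilter @params }
}
```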