https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790914#M1098558 <P>Your failure description is quite vague ...</P> <P>But at least you have to make sure that the NAT-exemption rule is above the general internet rule. And I would configure this in the same logic as the "normal" NAT rule: From "any" to "outside".&nbsp;</P> Fri, 10 Mar 2023 06:38:49 GMT Karsten Iwen 2023-03-10T06:38:49Z https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790908#M1098557 <P>Anyconnect is not able to connect to the server error!!</P><P>Firewall in BVI mode -&nbsp;&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 10 Mar 2023 06:11:46 GMT https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790908#M1098557 saids3 2023-03-10T06:11:46Z https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790914#M1098558 <P>Your failure description is quite vague ...</P> <P>But at least you have to make sure that the NAT-exemption rule is above the general internet rule. And I would configure this in the same logic as the "normal" NAT rule: From "any" to "outside".&nbsp;</P> Fri, 10 Mar 2023 06:38:49 GMT https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790914#M1098558 Karsten Iwen 2023-03-10T06:38:49Z https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790918#M1098559 <P>I'm sorry for the lack of information!&nbsp;</P><P>I'm trying to VPN my office from ouside network like a cafe or any other source wifi! I'm not able to get this right!!&nbsp;</P> Fri, 10 Mar 2023 06:47:32 GMT https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790918#M1098559 saids3 2023-03-10T06:47:32Z https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790930#M1098560 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/325766">@Karsten Iwen</a>&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/287680">@Sheraz.Salim</a>&nbsp; <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;This is what happened when I shift anyconnect nat to the top -&nbsp;</P><P>1. I can connect through anyconnect working perfectly but the second nat will stop working (OPEN-DSM).&nbsp;</P><P>2. I can't ping my inside network like 10.206.167.111&nbsp;</P> Fri, 10 Mar 2023 12:00:23 GMT https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4790930#M1098560 saids3 2023-03-10T12:00:23Z https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4795313#M1098714 <P>The nat rule of anyconnect is wrong. you need to exempt the vpn pool and the local subnet in order to reach the resource behind the Firewall. the rule you have it wont all you to connect the vpn AC behind the firewall.</P> <P>your nat rule should be in this order. I am writing the ASA code as I dont have FTD so you can work it around.</P> <P>nat(inside,outside) source static local-network local-network destin static vpn-pool vpn-pool no proxy arp route-lookup.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 16 Mar 2023 08:31:38 GMT https://community.cisco.com/t5/network-security/cisco-firepower-anyconnect-failuer/m-p/4795313#M1098714 Sheraz.Salim 2023-03-16T08:31:38Z