topic Hi Kevin,I have managed to in Network Security

Anyconnect on ASA cannot reach Servers on Lan

pcromwell — Tue, 12 Mar 2019 04:08:41 GMT

I have an ASA 5510 I can successfully create a anyconnect ssl client VPN tunnel and can succesfully ping a server on the Voice vlan. However I need to make connections to the voice servers, but they just timeout. On the ASA logging, is says "connection denied as there is no syn in the packet"

from looking around the web People are suggesting this error means an asymmetric route. I don't believe I have this. My setup is

VPN -> ASA -> Router (192.168.8.0,network doing all the routing) -> Vlans 5 and 6 created on switches.

I have attached my running config, they are not the actual ip addresses but representations.

I am hoping it is something obvious that I have overlooked.

ASA version is 9.1

Can you do me a favor and get

jumora — Wed, 30 Apr 2014 21:19:48 GMT

Can you do me a favor and get me if possible logs from the ASA when you try to establish communication. On ASDM need to enable logging at debugging level and then go to monitoring > logging > Real time log viewer and filter out the anyconnect address.

You can also setup capture through capture wizard, just select the local interface and specify anyconnect client address and destination IP.

Upon taking a quick look it

kevin_giusti — Wed, 30 Apr 2014 22:09:24 GMT

Upon taking a quick look it looks like you are missing your twice NAT entries.

ex.

object network 192.168.3.0-24

subnet 192.168.3.0 255.255.255.0

object network 2.2.2.0-24

subnet 2.2.2.0 255.255.255.0

nat (voice,outside) source static 192.168.3.0-24 192.168.3.0-24 destination static 2.2.2.0-24 2.2.2.0-24 no-proxy-arp route-lookup

I had neglected to mention, I

pcromwell — Thu, 01 May 2014 05:35:40 GMT

I had neglected to mention, I am not using Nat, The ASA is for VPN's only

Ok, am I understanding this

kevin_giusti — Fri, 02 May 2014 13:32:32 GMT

Ok, am I understanding this correctly that when you connect you can ping the voice servers no problem however for example you cannot create a http or some other service connection to them?

Hi Kevin,I have managed to

pcromwell — Fri, 02 May 2014 13:58:28 GMT

Hi Kevin,

I have managed to sort it out. it was asymmetric routing, that was the issue. after doing TCP inspect bypass, it has all worked fine

Please mark your ticket as

jumora — Wed, 14 May 2014 21:24:22 GMT

Please mark your ticket as answered so that it does not show as active.