https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107754#M395410 <HTML><HEAD></HEAD><BODY><P>I have tried doin so but no luck dear.</P><P></P><P></P><P>Regards <BR />Thanveer <BR />"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."</P></BODY></HTML> Wed, 21 Nov 2012 11:07:58 GMT Muhammad Thanveer 2012-11-21T11:07:58Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107750#M395400 <P>Hi,</P><P></P><P>I am able to connect to any connect and able to access ssh telnet ftp http and https but not able to connect rdp</P><P></P><P></P><P>Regards <BR />Thanveer <BR />"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 00:25:20 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107750#M395400 Muhammad Thanveer 2019-03-12T00:25:20Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107751#M395403 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you provide where you are connecting with RDP from and to what destination IP address?</P><P></P><P>Are you connecting with RDP to the same host where you are able to connect with SHH, Telnet, FTP, HTTP and HTTPS</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 21 Nov 2012 09:07:07 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107751#M395403 Jouni Forss 2012-11-21T09:07:07Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107752#M395405 <HTML><HEAD></HEAD><BODY><P> Hi JouniForss,</P><P></P><P>Thanks for the reply,</P><P></P><P>1) Source will be from the pool 192.168.60.0/24 and thd destination will be 192.168.50.0/24</P><P>2) Yes I am tryinh to take rdp to one of my servers for which http and rdp services are enabled.</P><P></P><P>Regards <BR />Thanveer <BR />"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."</P></BODY></HTML> Wed, 21 Nov 2012 09:18:51 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107752#M395405 Muhammad Thanveer 2012-11-21T09:18:51Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107753#M395406 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>So you are connection to the ASA first with Cisco AnyConnect VPN and the VPN pool is <STRONG>192.168.60.2-192.168.60.9</STRONG></P><P></P><P>As you want to connect to the network <STRONG>192.168.50.0/24</STRONG> with their original IP addresses and not do NAT you need a NAT0 configuration.</P><P></P><P>It seems you have the following NAT0 configuration for your <STRONG>"inside"</STRONG> interface</P><P></P><P><STRONG>nat (inside) 0 access-list inside_nat0_outbound</STRONG></P><P></P><P><STRONG>access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 172.30.1.0 255.255.255.0 </STRONG></P><P><STRONG>access-list inside_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_1 </STRONG></P><P><SPAN style="color: #ff0000;"><STRONG>access-list inside_nat0_outbound extended permit ip 192.168.60.0 255.255.255.0 192.168.50.0 255.255.255.0</STRONG></SPAN></P><P></P><P>It seems to me atleast that you NAT0 rule doesnt include the traffic between 192.168.50.0/24 and 192.168.60.0/24</P><P></P><P>Have you by any chance added the last <STRONG>"inside_nat0_outbound"</STRONG> ACL line (marked with red) while trying to get this to work?</P><P></P><P><SPAN style="color: #ff0000;"><STRONG>access-list inside_nat0_outbound extended permit ip 192.168.60.0 255.255.255.0 192.168.50.0 255.255.255.0</STRONG></SPAN></P><P></P><P>To me it seems you would need to reverse the networks in that statement to</P><P></P><P><SPAN style="color: #339966;"><STRONG>access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.60.0 255.255.255.0</STRONG></SPAN></P><P></P><P>This is because the NAT rule and the ACL is done for the <STRONG>"inside"</STRONG> interface, therefore you need to use the <STRONG>"inside"</STRONG> interface networks as the source address for the NAT0 rule. This will still apply to traffic from the VPN pool to the LAN network of 192.168.50.0/24 also.</P><P></P><P>This is atleast what it seems to me. Though if I'm correct this would mean you could not at the moment connect to any host on the 192.168.50.0/24 LAN network from your VPN Pool of 192.168.60.0/24?</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 21 Nov 2012 09:39:23 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107753#M395406 Jouni Forss 2012-11-21T09:39:23Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107754#M395410 <HTML><HEAD></HEAD><BODY><P>I have tried doin so but no luck dear.</P><P></P><P></P><P>Regards <BR />Thanveer <BR />"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."</P></BODY></HTML> Wed, 21 Nov 2012 11:07:58 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107754#M395410 Muhammad Thanveer 2012-11-21T11:07:58Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107755#M395415 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If possible, you should try to get log information of the connection attempt from the ASA.</P><P></P><P>Log about the connection when its formed and when its torn down from the ASA. Unless its ofcouse blocked by the ASA.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 21 Nov 2012 11:13:38 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107755#M395415 Jouni Forss 2012-11-21T11:13:38Z https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107756#M395422 <HTML><HEAD></HEAD><BODY><P>Might be&nbsp; IP Pool i have asigned is overlapping with the Pool on my coreswitch, let me also check this.</P><P></P><P>Regards <BR />Thanveer <BR />"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."</P></BODY></HTML> Wed, 21 Nov 2012 11:59:22 GMT https://community.cisco.com/t5/network-security/able-to-connect-to-anyconnect-and-access-ssh-ftp-telnet-http-and/m-p/2107756#M395422 Muhammad Thanveer 2012-11-21T11:59:22Z