Solved: Re: AnyConnect traffic issue

neillix702 · ‎12-06-2010

Hello,

im currently running into an issue accessing to any external sites such as Yahoo, MSNBC, Google, etc. while im connected to my internal network using the Cisco AnyConnect. The issue is while im on VPN is, i cant hit any external sites or internet sites such as Yahoo.com or anything on the Internet. I dont have a problem accessing any resources on my internal network however but for some reason all traffic to the untrusted side does not work. I have setup the groups to Tunnel everything. i have also applied the hairpinning command on the firewall to give it a try but it didnt work. please help or point me to a right direction or if hairpinning does even work for AnyConnect VPN. thanks

Jennifer Halim · ‎12-06-2010

Ooops, sure.

object network obj-vpn-pool

subnet

nat (outside,outside) dynamic interface

Hope that helps.

View solution in original post

neillix702 · ‎12-06-2010

forgto to mentioned, I'm using the Cisco ASA 5520

Jennifer Halim · ‎12-06-2010

On the ASA, you would need to configure the following:

1) same-security-traffic permit intra-interface

2) NAT for the ip pool on the outside interface. Assuming that you already have "global (outside) 1", then you would need to configure:

nat (outside) 1

3) "clear xlate" after the above changes

Hope that resolves the issue.

neillix702 · ‎12-06-2010

thanks Jennifer, the command are no longer supported on the 8.3. and still trying to familiarize witht the new commands. can u please post the commands on version 8.3? thanks

Jennifer Halim · ‎12-06-2010

Ooops, sure.

object network obj-vpn-pool

subnet

nat (outside,outside) dynamic interface

Hope that helps.

neillix702 · ‎12-07-2010

thanks Jennifer it worked. oh by the way these new commands on 8.3 just confuses me

Jennifer Halim · ‎12-07-2010

You are not alone It seems to have confused a lot of people too. Hopefully we all are getting used to the new commands soon. Thanks for the rating.