Cisco FTD 5506X - AnyConnect, FW not forwarding traffic

PNW Weer


Hi All


I have been struggling for over 3 days to get a Cisco AnyConnect profile working over Cisco FTD 5506-X HA firewalls. I am able to establish the AnyConnect session but can't reach IP addresses or services inside the corporate network.

To rule out internal routing within the corporate network, I am just trying to reach the default GW of the FW inside interface. I can see in the events that traffic from the AnyConnect client is allowed, but the firewall is not forwarding this traffic to the destination.


I can only reach the inside/outside interfaces of the secondary FW, strange....

Over the last few days I have checked all the NAT/access and routing and do not see any issues.


Really appreciate your suggestions to resolve this issue.




3 Replies

Rob Ingram
VIP Master
Do you have a NO NAT rule for the RA Network to the LAN Network, so traffic between SRC and DST is not natted?
Are there routes on the ASA to the inside network for the LAN? Are there routes back from the inside LAN to the RA networks via the ASA?

Can you run a packet trace and upload the output here please?

I have done the NO NAT/ACCESS and routing accordingly. I also verified many times.

Please note attached Trace file as requested. is the GW to FW inside interface.


Thank you for your quick response.

Looks correct from the trace. Do you have captures collected on the inside interface? Also, how does the routing look for the VPN pool on your gateway device? 
