06-15-2022 10:15 AM
I have a lab where I am trying to get VPN AnyConnect traffic to access a server on VLAN 10 of the inside network. But it won't reach the server; I can access everything on VLAN 1. The server can ping and traceroute to the VPN client; the VPN client cannot ping, and tracert fails at the first hop.
I have a sub-interface on Firepower for the VLANs on the inside interface; from what I understand, that creates a trunk port for Firepower devices.
I have NAT rules in place and added the VLAN address to the ACL for VPN traffic.
IP schema:
VPN - 10.10.101.0/24 (Vlan 1 can access / Vlan 10 can reach)
VLAN10 - 192.168.10.0/24 (All Vlans can reach on internal network, VPN cannot reach)
VLAN1 - 192.168.1.0/24 (VPN can access both ways)
Not sure what I am missing?
06-15-2022 10:17 AM
What do you see in the logs when the VPN user tries to access the server?
Just thinking, you may not have an ACL in place from the VPN IP address to the server IP (this is just a guess).
06-15-2022 11:16 AM
I don't see anything in the logs on Firepower or AnyConnect about failed connections. I added the VLAN address to the same ACL that connects VLAN 1 to the VPN; still no connection.
06-15-2022 10:20 AM
In the FW you need:
a static route toward the interface connected to VLAN 10.
On the other side you need a static route for the AnyConnect pool to the interface of the FW.
06-15-2022 11:01 AM
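The replies above name three separate things the VPN-to-VLAN path depends on: a route on the firewall to the VLAN 10 network (via its sub-interface), a return route for the AnyConnect pool, and an ACL (plus a NAT exemption) that covers the pool-to-server pair. The following script is an added example, not code from the thread or from Cisco: it models those checks over a small constructed firewall configuration built from the poster's IP schema, so the "VLAN 1 works, VLAN 10 does not" symptom can be reproduced and each missing piece listed. The `Route`, `NatExempt`, `AclEntry` and `FwConfig` types and the interface names `inside`, `inside.10` and `outside` are assumptions for the model, not Firepower object names.

```python
"""
Added troubleshooting helper (not from the thread): model the three things
the replies say a VPN-to-VLAN path needs on the firewall and evaluate them
for the poster's addressing. All configuration data below is constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Route:
    prefix: str        # destination network
    interface: str     # egress interface (a sub-interface for a VLAN)


@dataclass
class NatExempt:
    """Identity ("no NAT") rule between two networks, matched in either direction."""
    net_a: str
    net_b: str


@dataclass
class AclEntry:
    src: str
    dst: str
    action: str = "permit"


@dataclass
class FwConfig:
    routes: list = field(default_factory=list)
    nat_exempt: list = field(default_factory=list)
    vpn_acl: list = field(default_factory=list)   # filter applied to VPN sessions


def best_route(cfg: FwConfig, addr: str):
    """Longest-prefix match over the firewall's routes; None if there is no route."""
    a = ip_address(addr)
    hits = [r for r in cfg.routes if a in ip_network(r.prefix)]
    return max(hits, key=lambda r: ip_network(r.prefix).prefixlen, default=None)


def nat_exempted(cfg: FwConfig, src: str, dst: str) -> bool:
    """True when an identity-NAT rule covers the pair, so the VPN traffic is not translated."""
    s, d = ip_address(src), ip_address(dst)
    for ex in cfg.nat_exempt:
        a, b = ip_network(ex.net_a), ip_network(ex.net_b)
        if (s in a and d in b) or (s in b and d in a):
            return True
    return False


def acl_permits(cfg: FwConfig, src: str, dst: str) -> bool:
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = ip_address(src), ip_address(dst)
    for e in cfg.vpn_acl:
        if s in ip_network(e.src) and d in ip_network(e.dst):
            return e.action == "permit"
    return False


def check_vpn_path(cfg: FwConfig, vpn_client: str, server: str) -> list:
    """Return the list of missing pieces; an empty list means the path checks out."""
    problems = []
    if best_route(cfg, server) is None:
        problems.append(f"no route to {server}")
    if best_route(cfg, vpn_client) is None:
        problems.append(f"no return route to VPN client {vpn_client}")
    if not nat_exempted(cfg, vpn_client, server):
        problems.append(f"no NAT exemption between {vpn_client} and {server}")
    if not acl_permits(cfg, vpn_client, server):
        problems.append(f"VPN ACL does not permit {vpn_client} -> {server}")
    return problems


# Constructed to mirror the poster's schema: VLAN 1 reachable, VLAN 10 not.
VPN_POOL, VLAN1, VLAN10 = "10.10.101.0/24", "192.168.1.0/24", "192.168.10.0/24"

BEFORE = FwConfig(
    routes=[Route(VLAN1, "inside"), Route(VPN_POOL, "outside")],
    nat_exempt=[NatExempt(VPN_POOL, VLAN1)],
    vpn_acl=[AclEntry(VPN_POOL, VLAN1)],
)

# The same configuration with VLAN 10 added to each of the three places.
AFTER = FwConfig(
    routes=BEFORE.routes + [Route(VLAN10, "inside.10")],   # the VLAN 10 sub-interface
    nat_exempt=BEFORE.nat_exempt + [NatExempt(VPN_POOL, VLAN10)],
    vpn_acl=BEFORE.vpn_acl + [AclEntry(VPN_POOL, VLAN10)],
)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for server in ("192.168.1.50", "192.168.10.50"):
            print(name, server, check_vpn_path(cfg, "10.10.101.5", server) or "ok")
```

Run as-is, the `BEFORE` configuration reports nothing wrong for a VLAN 1 host and three missing items for a VLAN 10 host (route, NAT exemption, ACL), which is the symptom described in the first post; `AFTER` reports both as fine. A NAT exemption is included alongside the ACL because, on Firepower, VPN traffic that hits a dynamic NAT rule on the way to an inside subnet is silently translated rather than logged as denied, which matches the "nothing in the logs" observation in the thread.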