Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
0
Helpful
1
Replies

Ping connection between users on the same Anyconnect subnet

tommykang
Level 1
Level 1

‎07-13-2020 01:21 PM - edited ‎07-13-2020 01:28 PM

Hello,

 

I set up Anyconnect VPN on 5525. The Anyconnect users can ping to any internal networks but, he cannot ping the user on the same subnet with Anyconnect.

The subnet for Anyconnet is 10.0.0.0/24, the subnet for internal is 192.168.0.0/24. 

10.0.0.4 is reachable to 192.168.0.10. and also 10.0.0.5 is reachable to 192.168.0.10.

But, 10.0.0.4 cannot reach 10.0.0.5. 10.0.0.5 cannot reach 10.0.0.4 either.

When I checked the log, I could not see any blocked logs.

I was only able to see the log like below.

 

"Teardown ICMP connection fro faddr 10.0.0.5/1(LOCAL\000) gaddr 10.0.0.4/1 laddr 10.0.0.4/1 type 8 code 0"  

 

Is there anyway to ping between users on the same Anyconnt subnet?

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎07-13-2020 01:32 PM - edited ‎07-13-2020 01:54 PM

enable same-security-traffic permit intra-interface as well as configuring a twice NAT / NAT exempt for the subnet.

Also, make sure that windows firewall is either turned off or allows ICMP on the PCs you are pinging between.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card