
Remote users cannot access inside network with anyconnect on asa 5510

tater0214
Level 1

I have a Cisco ASA 5510 with AnyConnect set up. Users are able to connect just fine, and I have split tunneling set up to allow users to use the internet while connected; however, I cannot connect to or ping anything on the inside when I connect to the VPN. I have tried adding NAT rules based on other guides, but I am not sure if I'm just doing it wrong or if there is another issue. Any help would be greatly appreciated, and I have posted the config for reference.

23 Replies

Oh OK, I will not worry about the L3SW/R. Packet-tracer was a success prior to removing the temporary ACL; however, after removing it, p-t is dropped due to ACL.

Yes, I know the temporary ACL will make the Packet-tracer drop, but I am asking about the real case, after you remove it?

Yes, I have removed the ACL.

C:\Users\admin>route print <- share the output of this from client PC

 

show vpn-sessiondb anyconnect <- share the output from ASA 

Here are both of those.

username tater0214 attributes
 vpn-group-policy GroupPolicy_SSLVPN

The config is wrong, and that is why the group policy does not show the right one.

Group Policy : anyconnect             Tunnel Group : anyconnect

You need group-lock to lock the local user to a specific group.

username xxx password xxxxxxxx encrypted
username cisco attributes
 group-lock value GroupPolicy_SSLVPN    

And for the tunnel group, I don't see any tunnel group anyconnect in your shared config. Are you adding it later?

I apologize, I changed some of the names of things to keep them simpler for me. I have uploaded a new, updated config. I should have uploaded an updated config earlier.

tater0214
Level 1

I managed to get it to work, and I feel quite dumb about how easy the solution was. There was an issue with the firewall on the inside host computer. I assumed that because it worked between 2 inside users it would also work between a VPN and an inside host, but I was mistaken. Thank you for all your help, MHM.

You are so, so welcome, friend.
