01-26-2014 06:05 PM - edited 03-11-2019 08:36 PM
Hi Everyone,
I have config both anyconnect and RA split tunnel VPN on the ASA.
When using anyconnect client i can connect to Inside network fine but can not access internet sites.
I have this ACL to allow only 10.0.0.0 subnet traffic via Anyconnect client.
Internet traffic should not be using anyconnect tunnel.
access-list just-10 line 1 remark ACL to only Allow 10.0.0.0/24 through Tunnel
access-list just-10 line 2 standard permit 10.0.0.0 255.255.255.0 (hitcnt=0) 0xb8dcdb54
Regards
MAhesh
Solved! Go to Solution.
01-27-2014 12:45 AM
Hi,
If you are seeing this traffic on the ASA then it means this traffic is tunneled to the ASA through the VPN connection as you can see from the log message.
If would still like to see some configirations to rule out possible problems on the ASA
show run username anyconnect_user
show run tunnel-group
show run group-policy
Naturally use the "tunnel-group" and "group-policy" names that your connection uses.
There are some DNS related settings with SSL VPN but to my understanding with the currently given information it should not affect your situation.
- Jouni
01-26-2014 06:22 PM
Hi,
also when i open to access any internet website log shows
Jan 26 2014 19:18:39: %ASA-6-302016: Teardown UDP connection 55050 for outside:10.0.0.51/52176(LOCAL\anyconnect_user) to outside:64.59.144.19/53 duration 0:00:00 bytes 0 (anyconnect_user)
Where 10.0.0.51 is VPN Client IP.
Also when i do nslookup to google.ca
it shows DNS request time out
Where DNS server IP is 64.59.144.19
Regards
MAhesh
01-27-2014 12:45 AM
Hi,
If you are seeing this traffic on the ASA then it means this traffic is tunneled to the ASA through the VPN connection as you can see from the log message.
If would still like to see some configirations to rule out possible problems on the ASA
show run username anyconnect_user
show run tunnel-group
show run group-policy
Naturally use the "tunnel-group" and "group-policy" names that your connection uses.
There are some DNS related settings with SSL VPN but to my understanding with the currently given information it should not affect your situation.
- Jouni
01-31-2014 10:39 AM
Hi Mahesh,
Were you able to determine the cause of this problem?
- Jouni
01-31-2014 11:04 AM
Hi Jouni,
Issue was that i was using split tunneling and using ASDM i selected option allowed tunnel and choose the option under IPV6 .
Once i choose under right field all was good.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide