06-24-2020 05:09 AM - edited 06-24-2020 05:35 AM
We are tunnelling all traffic of the VPN user to the inside interface with a tunnelled route. However, when a VPN user connects on AnyConnect they can't get a DHCP address from the DHCP server.
TunnelGroup <RemoteVPNUsers> GroupPolicy <GroupPolicy_RemoteVPNUsers> No IPv6 address available for SVC connection
Failed to locate egress interface for UDP from Inside:dhcpserver/67 to 10.200.211.0/67
Config:
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (Inside,Outside) source static any any destination static Obj-AnyconnectPool Obj-AnyconnectPool
!
object network obj_any
 nat (Inside,Outside) dynamic interface dns
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 **masked*** 1
route Inside dc1 255.255.255.255 10.200.10.254 1
route Inside dhcpserver 255.255.255.255 10.200.10.254 1
route Inside dc3 255.255.255.255 10.200.10.254 1
route Inside 0.0.0.0 0.0.0.0 10.200.10.254 tunneled
webvpn
 enable Outside
 hostscan image disk0:/hostscan_4.3.05028-k9.pkg
 hostscan enable
 anyconnect image disk0:/anyconnect-win-4.5.02033-webdeploy-k9.pkg 1
 anyconnect profiles Jupiter disk0:/jupiter.xml
 anyconnect enable
 tunnel-group-list enable
 keepout "Service out temporarily."
 cache
  disable
 error-recovery disable
group-policy GroupPolicy_RemoteVPNUsers internal
group-policy GroupPolicy_RemoteVPNUsers attributes
 wins-server none
 dns-server value dhcpserver dc2
 dhcp-network-scope 10.200.211.0
 vpn-simultaneous-logins 1
 vpn-tunnel-protocol ssl-client
 password-storage disable
 default-domain value jth.local
 webvpn
  anyconnect ssl dtls enable
  anyconnect mtu 1300
  anyconnect ssl compression lzs
  anyconnect dtls compression lzs
  anyconnect modules value dart,posture
  anyconnect profiles value Jupiter type user
  customization value CiscoDuo
dynamic-access-policy-record DfltAccessPolicy
 description "Default Policy"
tunnel-group RemoteVPNUsers type remote-access
tunnel-group RemoteVPNUsers general-attributes
 authentication-server-group Kerberos
 secondary-authentication-server-group Duo-LDAP use-primary-username
 default-group-policy GroupPolicy_RemoteVPNUsers
 dhcp-server dhcpserver
tunnel-group RemoteVPNUsers webvpn-attributes
 customization CiscoDuo
 group-alias RemoteVPNUsers enable
06-24-2020 07:34 AM - edited 06-24-2020 07:35 AM
Your "route inside" statements have the address and netmask fields reversed.