08-03-2022 02:04 PM
I am using the MobaXterm terminal emulator on a Windows machine to connect to various HPC clusters. I also have a corporate VPN using AnyConnect. When the VPN is connected, I can access my company's machines, but SSH connections to external machines time out. If I disconnect the VPN, I can connect to the external machine. Using the -vv flag on the ssh command, I can see that when the VPN is disconnected, the SSH connection completes immediately. With the VPN connected, the URL resolves to the same IP address and port (22), but the connection times out.
08-03-2022 02:26 PM
Hello,
which Windows (10/11) and which AnyConnect client version are you running?
08-03-2022 03:20 PM
Windows 10 Enterprise, Cisco AnyConnect Secure Mobility Client 4.10.05085
08-03-2022 02:35 PM - edited 08-03-2022 03:20 PM
In the split tunnel of the interesting traffic, do you have the trusted network listed in AnyConnect? If you open AnyConnect while connected, click on the gear icon, and click Route Details, do you see your subnetwork listed?
08-03-2022 03:27 PM
I have no idea what your first question means. Route Details displays a lot of IP/port entries. I am not sure what you mean by "your subnetwork". If you mean, the IP/port of the remote machine I am trying to contact, no, it's not in the list.
08-04-2022 12:14 AM
Hello,
as far as I recall, and I could be off here, the older versions of AnyConnect had an option to enable split tunneling (which allows you to maintain unencrypted access to the Internet, and that is most likely the cause of your issue), but on the newer ones, this can only be set in the group policy on the server (e.g. ASA side), for security reasons.
Not sure if that is an option, but the native Windows 10 VPN client lets you configure split tunneling. How to set this up is described in the link below:
08-04-2022 11:23 AM
Thanks, that sounds like it would be a solution, if I had control of this machine. Unfortunately, it belongs to my employer, and is pretty tightly locked down. I will need to see what tech support says about the issue, but it sounds as if "split tunneling" is what I need.
08-05-2022 11:55 PM
Hello,
do the 'external' machines you want to reach belong to that same company? Judging from what you say about your employer's security policy, you would probably need to make the business case as to why you need to access these external devices...
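Added example, not part of the thread: a small Python model of the Route Details check and the split tunneling behaviour discussed above, deciding by longest-prefix match whether a destination is sent through the VPN tunnel or directly to the Internet. The function name, the simplified routing model, and all route lists and addresses are constructed assumptions; in practice the lists would be copied from the client's Route Details view.

```python
import ipaddress

def classify(dest, secured, non_secured=()):
    """Return (verdict, matching_route) for a destination IP.

    verdict is "tunnel" if the most specific matching route is a secured
    (tunnelled) route, "direct" if it is a non-secured (excluded) route or
    if no route matches at all. Simplified model: longest prefix wins.
    """
    ip = ipaddress.ip_address(dest)
    best = None  # (prefix length, verdict, network)
    for verdict, routes in (("tunnel", secured), ("direct", non_secured)):
        for cidr in routes:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != ip.version or ip not in net:
                continue
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, verdict, net)
    if best is None:
        return ("direct", None)      # not covered by any VPN route
    return (best[1], str(best[2]))

# Constructed sample data (documentation/private address ranges only).
EXTERNAL_HOST = "203.0.113.20"                      # stands in for the HPC login node
SPLIT_INCLUDE = ["10.0.0.0/8", "192.168.50.0/24"]   # only corporate subnets tunnelled
FULL_TUNNEL = ["0.0.0.0/0"]                         # everything tunnelled
EXCLUDED = ["203.0.113.0/24"]                       # carve-out set by the VPN admin

if __name__ == "__main__":
    cases = {
        "split-include policy": classify(EXTERNAL_HOST, SPLIT_INCLUDE),
        "full tunnel": classify(EXTERNAL_HOST, FULL_TUNNEL),
        "full tunnel + exclusion": classify(EXTERNAL_HOST, FULL_TUNNEL, EXCLUDED),
        "corporate host": classify("10.20.30.40", SPLIT_INCLUDE),
    }
    for name, (verdict, route) in cases.items():
        print(f"{name:26s} -> {verdict:6s} via {route}")
```

A "tunnel" verdict for an external host means the SSH traffic leaves through the corporate network, so whether port 22 gets out is decided by the egress policy there rather than by the local machine.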