cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

WEBVPN-SVC Action Drop

zeeahmed123
Level 1
Level 1

Hi All

I  saw this post and have a similar issue; my Cisco anyconnect VPN clients  are able to access all of my internal networks accept to another site  which has a IPSEC VPN site-to-site. The Cisco ASA forwards the packets  destined to this remote site to a Cisco router which NATS the source  addresses (pool 10.17.252.0/24) to a 192.168.46.0 range. The remote  network is 155.x.x.x which I have included in my internal subnets  object-group and added a route on the ASA to route it inside.

I  have configured NAT so that it does not NAT anything from the  anyconnect client range to the internal subnets. I am using version  8.3(2) and the NAT rule is:

nat (outside,inside) source static SSLPOOL SSLPOOL destination static INSIDE_NETS INSIDE_NETS

I can still not connect to the remote side via the VPN; when I run this throught packet-tracer, I get a failure on phase 6:

Type: WEBVPN-SVC

Subtype: in

Result: DROP

Result:

Drop reason: (acl-drop) Flow is denied by configured rule

I cant seem to work out what it is that is blocking it. The NAT rule above is rule 1 in case some other NAT rule is causing the issue..

Any advice will be welcomed..

Who Me Too'd this topic