

AnyConnect on macOS (IKEv2 IPsec) to Cisco ASR1001-x connected but cannot access any hosts on remote side

Hai Dao Tuan
Level 1

Hi All

Please advise how to change the settings of macOS or the router if necessary.

My company is using Cisco ASR1001-x with IOS: asr1001x-universalk9.16.07.02.SPA.bin.

Because the ASR1001-X doesn't support SSL VPN, I configured FlexVPN IKEv2. I am following the guide "https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html"

After following the configuration, I tested on many OSes and saw that:

   + With Windows 10, with Cisco AnyConnect (anyconnect-win-4.7.00136-predeploy-k9) -> connects successfully, can connect to hosts on the VPN side normally (can ping, remote or http to servers)

   + With Android phone, iOS (iPhone) with Cisco AnyConnect from GG/Apple stores -> connects successfully, can connect to hosts on the VPN side normally (can ping, or access http to servers)

   *** BUT with macOS 10.14 (Mojave), 10.13 (High Sierra) with Cisco AnyConnect (anyconnect-macos-4.7.00136-predeploy-k9.dmg) -> connects successfully, but cannot connect to any hosts on the VPN side by any protocol: ping/tracert/remote/http....

I did some checks, as follows:

   1. I used the same profile that was used on Windows 10, but the situation is still the same.

   2. After the VPN connected, with "netstat -rn" I can see the route to the VPN on macOS, but I don't know why all connections failed.

-----------------

Mac:~$ netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.68.254     UGSc           75        2     en0

10.136/16          192.168.102.9      UGSc            0        0   utun1  -> this is the split tunnel route

..

------------

   3. On the router 1001-X, when I ran "show crypto session detail" I could see the packet counters increase when pinging from macOS, even though the pings timed out

        Inbound:  #pkts dec'ed 34 drop 0 life (KB/Sec) 4607997/2711
        Outbound: #pkts enc'ed 10 drop 0 life (KB/Sec) 4607999/2711

 

Please advise what I can do to use AnyConnect VPN on macOS to ASR1001-x.

The link I followed and also mentioned above: "https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html"

 

Many thanks

Hai

 
