Allow VPN client access from the VPN router directly

szemolbakk
Level 1

Hello,

I've set up AnyConnect on an 800 series router successfully. VPN clients can reach LAN addresses fine. LAN clients can also reach VPN connected machines, except from the router itself.

They are on the same subnet (10.10.10.0/24). Tunnel mode is split-include for the whole internal subnet.

Is it possible at all to reach VPN clients from the router directly?

Many thanks!

balaji.bandi
Hall of Fame

How is your VTY lines config? Does it have any access class?

ip access-list extended vpn-client
permit ip x.x.x.x

line vty 0 4
access-class vpn-client in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

Thanks for the suggestion.

I've added the following but still cannot access the VPN client from the router.

ip access-list extended vpn-client
permit ip 10.10.10.0 0.0.0.255 any

line vty 0 4
access-class vpn-client in
transport input ssh

Best regards,

Andras

When you try to access the router via RA, use any other interface except the one that is used for VPN (the one that you use to establish the VPN).

MHM

What IP address are you trying to SSH to (now we know the VPN IP address range?)

Try troubleshooting: open ASDM, monitor the real-time logs, then try to SSH from the VPN IP and check.

BB

AnyConnect listens on the Cellular interface (LTE router). When I connect via AnyConnect (cellular public IP) I get an IP from the defined VPN pool (10.10.10.80 10.10.10.90). I can reach any local address, including the router's 10.10.10.1, from the VPN client, but from the router I cannot reach (ping, etc.) the VPN connected devices. Other devices on the LAN, for example the WiFi AP (10.10.10.3), can ping the VPN connected device also.

I am a bit confused here -

Clarify: you have an issue from the Remote Access VPN to ping to the connected device?

Example: VPN server IP 10.10.10.1 - client IP, for example 10.10.10.81 - this is not working?

And you confirmed that you are able to ping from client IP, for example 10.10.10.81, to client IP 10.10.10.90 - working?

You need to post the show run config here (to verify), or refer to the document below.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/vpn/asa-99-vpn-config/vpn-params.html#ID-2443-00000020

BB

Can you try pinging the VPN client using ping with source interface the LAN interface?

Regards, LG
*** Please Rate All Helpful Responses ***

Hello,

What do you mean by 'accessing the VPN clients from the router'? What kind of access are you talking about?