
Can't Ping/Remote to my Access Layer Switches

Hello all,

I have a weird issue.  We had an issue last night that wreaked havoc on our network that mainly affected our workstations.  Apparently, an MBAM definition file quarantined a certain DLL file that caused our PCs to crash.  I don't see how this would affect our switches or any infrastructure devices but now I can't ping or remotely access our access layer switches from my laptop.  I'm connected through an SSL VPN connection.  I get a DHCP address from the secure gateway on subnet 192.168.65.0/26.  Routes are in place to the core of my network (10.1.0.0/16).  Both core and access layer switches are all part of the 10.1.0.0/16 network.  I can access the core switches while VPN'd in but not the access layer switches nor can I ping them.  Any ideas?

Terence


Bilal Nawaz
VIP Alumni

From the core switches, can you see your trunks as 'up' and do you see CDP info?

If you do a 'show cdp neigh detail', the IP address of the neighbor, if it has one, will be in the output. Can you ping your access switches from your core?

Please rate useful posts and remember to mark any solved questions as answered. Thank you.


Hello,

From the core switches, I can ping, telnet, and view CDP related info to all my other switches.

Okay, so your LAN is OK.

It might be a rule set on the firewall where your VPN is terminating that needs to be checked? Do you see any permits / denies in the FW logs for your IP when trying to telnet?

Also, are the management SVIs for the access switches in the same network as your core SVI that you are connecting to?


Hello,

I don't have any FW rules set on this device because we have an ASA on the inside of our network that handles the FW rules.  The secure VPN gateway only terminates the SSL VPN connections.  It worked fine yesterday but now it's not working.

Also, are the management SVIs for the access switches in the same network as your core SVI that you are connecting to?


Yes.  All switches (core and access layer) are all in the same subnet (10.1.0.0/16).

Does anyone have any possible causes and/or solution to this weird issue?  Just to reiterate, I'm connecting to my corporate network via an SSL VPN connection using the Cisco AnyConnect client.  The client terminates to the ISA570 secure gateway.  I'm sending routes through the VPN to the client on all major networks contained on our LAN.  The core and access layer switches are all on the 10.1.0.0/16 network.  I can ping my core switches as well as telnet to them.  However, I can't ping or telnet to my access layer switches.  When I do a tracert from my machine, it hits my SSL VPN gateway then the core switch and then dies from there.  No ACLs are blocking and proper routing is in place.  I can even access other network devices across other VLANs.  I can't figure for the life of me why I can't access these devices while connected to my VPN.

Hello

have a weird issue.  We had an issue last night that wreaked havoc on our network that mainly affected our workstations.  Apparently, an MBAM definition file quarantined a certain DLL file that caused our PCs to crash

Maybe you're looking at this from the wrong end?  Try turning your PC's software FW and HostIPS (if applicable) off.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I turned off all real-time protection software on my PC and it's still not working.  I don't see how this could be a problem anyway.  This was working before and my laptop isn't part of our domain so it didn't receive this MBAM update.  Even if it did, why would I be able to access my core switches but not my access layer switches when no config changes were made?

Hello

"Even if it did, why would I be able to access my core switches but not my access layer switches when no config changes were made?"

Well, it seems something has changed as now you cannot access the whole estate, so even trying the simplest things first is a box ticked.

Have you tried another PC with VPN access?

Can you restart/reload the SSL VPN box?

res

Paul


I've been in the IT industry long enough to know that you're right, haha.  The smallest thing can cause some of the strangest problems.  I do have another PC to try but I have not restarted the VPN gateway since this has occurred.  I didn't think about it since my traceroute shows that I only go as far as my core switch and then times out after that.  As for trying it at another PC, I've just tried it from my personal home desktop and am getting the same thing.  I cleared the ARP cache, flushed DNS and registered DNS, released/renewed my IP, and reconnected to the VPN.  Still same issue.  Also, I have compared our current running configuration with a backed up configuration of our core switches and nothing that would prevent access to any of the other switches has been configured.  Just weird!

Terence

Ok, here's a quick update on this issue.  I decided to see if I can ping/traceroute/telnet to another one of our access layer switches and I was successful in doing all three.  This switch is also on the same subnet as all our switches (core and access layer) which is 10.1.0.0/16.  I can't figure out right now why I can access some switches and not others while they're all on the same VLAN???

Is it possible the arp caches on the switches are corrupted?

Hello,

It's quite possible and wouldn't rule it out but I don't think so in this case.  The reason is because I can get to these switches from my PC in the office but not while I'm connected via VPN.  Here's another quick update.  We have both 4500 and 2900 series switches at the access layers and I'm able to reach the 2900 series switches from the VPN; it's only the 4500 switches I can't reach via VPN.  I did clear the arp cache and the mac address table.  The only thing I haven't done is reboot it because I want to be in the office when I do.