Unable to access a subnet from Cisco AnyConnect Client

Gregory Forster
Level 1

Good Evening,

I am using an ASAv30, and I have created an AnyConnect VPN. I have added the routes to all specific subnets that need to be reached, but for some reason I am not able to reach 2 of the subnets from the AnyConnect client. I am able to reach the subnets directly from the ASAv30 with no issues. Has anyone experienced this before?

Please help if you can.

ASA OS 9.8(4)17

ASDM 9.13(1)

Thank you, Greg

1 Accepted Solution

Francesco Molino,

I was able to resolve the issue on my own. The traffic was flowing out from the ASA and making it to the endpoint. The issue was on the return route. I had to change the route back to the AnyConnect client to the proper next hop IP.


3 Replies

Francesco Molino
VIP Alumni
Hi,

Can you share your ASA config please?
You said you put a route on the ASA to reach inside subnets that are not directly connected.
Are you sure the route from the LAN side to the VPN pool is there?
It could also be a simple NAT misconfiguration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


Cristian Matei
VIP Alumni

Hi,

Ensure that the network behind the ASA has routes for the AC VPN pool, towards the ASA. Ensure that if you have NAT configured, traffic from all subnets you want to reach over VPN towards the VPN pool is excluded from NAT. Ensure that if you use split-tunneling with AnyConnect, all the subnets that you want to reach are included in your split-tunnel policy. If you use a VPN filter, ensure the filter allows the traffic. Can you simulate via packet-tracer the AC VPN traffic for resources that you can access and for resources that you cannot access? Let's say you can access 10.10.10.1 and cannot access 10.20.20.1. Post the output of the packet-tracer:

packet-tracer input outside tcp x.x.x.x (vpn pool IP) 20000 10.10.10.1 80 detailed

packet-tracer input outside tcp x.x.x.x (vpn pool IP) 20000 10.20.20.1 80 detailed

Regards,

Cristian Matei.
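The checklist in Cristian's reply (split-tunnel coverage, NAT exemption towards the pool, an ASA route) and the fix in the accepted solution (the return route for the pool on the inside network pointing at the wrong next hop) can both be turned into a quick offline check against a saved config. The Python below is an added example, not code from this thread or from Cisco. It parses a constructed ASA running-config excerpt; the object names, the SPLIT_TUNNEL ACL name, the 192.168.100.0/24 pool and the 10.1.1.x next hops are all assumptions, and the inside router's route table is likewise constructed. It only understands the `object network ... subnet/host` and `source static A A destination static B B` forms; anything more involved in a real config still needs the packet-tracer runs Cristian asks for.

```python
import ipaddress
import re

# Constructed ASA running-config excerpt (not from the thread); every name
# and address is an assumption. Only 10.10.10.0/24 has an identity NAT
# exemption towards the VPN pool, so 10.20.20.0/24 should fail that check.
ASA_CONFIG = """
ip local pool VPN_POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.20.20.0 255.255.255.0
object network SRV_10_10_10
 subnet 10.10.10.0 255.255.255.0
object network SRV_10_20_20
 subnet 10.20.20.0 255.255.255.0
object network VPN_POOL_NET
 subnet 192.168.100.0 255.255.255.0
nat (inside,outside) source static SRV_10_10_10 SRV_10_10_10 destination static VPN_POOL_NET VPN_POOL_NET no-proxy-arp route-lookup
route inside 10.10.10.0 255.255.255.0 10.1.1.2 1
route inside 10.20.20.0 255.255.255.0 10.1.1.2 1
"""

# Constructed route table of the inside router (10.1.1.2) that fronts both
# subnets. 10.1.1.1 is the ASA inside interface; the pool route points at a
# different gateway, the kind of wrong return route the thread ends on.
INSIDE_ROUTER_ROUTES = [
    ("10.10.10.0/24", "connected"),
    ("10.20.20.0/24", "connected"),
    ("192.168.100.0/24", "10.1.1.254"),
]
ASA_INSIDE_IP = "10.1.1.1"


def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_objects(config):
    """Map each 'object network NAME' to its subnet or host."""
    objects, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+subnet (\S+) (\S+)", line)
        if m and current:
            objects[current] = _net(*m.groups())
            continue
        m = re.match(r"\s+host (\S+)", line)
        if m and current:
            objects[current] = ipaddress.ip_network(m.group(1))
    return objects


def parse_split_tunnel(config, acl_name):
    """Standard ACL entries that tell the client what to send through the tunnel."""
    pattern = rf"access-list {re.escape(acl_name)} standard permit (\S+) (\S+)"
    return [_net(*m.groups()) for m in (re.match(pattern, l) for l in config.splitlines()) if m]


def parse_nat_exemptions(config, objects):
    """Identity twice-NAT rules (source static A A destination static B B)."""
    pairs = []
    for line in config.splitlines():
        m = re.match(r"nat \(\S+\) source static (\S+) (\S+) destination static (\S+) (\S+)", line)
        if m and m.group(1) == m.group(2) and m.group(3) == m.group(4):
            src, dst = objects.get(m.group(1)), objects.get(m.group(3))
            if src is not None and dst is not None:
                pairs.append((src, dst))
    return pairs


def parse_routes(config):
    """Static routes as (network, next hop)."""
    routes = []
    for line in config.splitlines():
        m = re.match(r"route \S+ (\S+) (\S+) (\S+)", line)
        if m:
            routes.append((_net(m.group(1), m.group(2)), m.group(3)))
    return routes


def check_destination(config, dst_ip, pool, acl_name):
    """ASA-side checks from the checklist for one destination host."""
    dst = ipaddress.ip_address(dst_ip)
    pool_net = ipaddress.ip_network(pool)
    objects = parse_objects(config)
    return {
        "split_tunnel": any(dst in n for n in parse_split_tunnel(config, acl_name)),
        "nat_exempt": any(dst in src and pool_net.subnet_of(dstn)
                          for src, dstn in parse_nat_exemptions(config, objects)),
        "asa_route": any(dst in n for n, _ in parse_routes(config)),
    }


def check_return_route(router_routes, pool, asa_inside_ip):
    """On the inside router: does the route covering the VPN pool point back at the ASA?"""
    pool_net = ipaddress.ip_network(pool)
    for prefix, next_hop in router_routes:
        if pool_net.subnet_of(ipaddress.ip_network(prefix)):
            return next_hop == asa_inside_ip
    return False


if __name__ == "__main__":
    for host in ("10.10.10.1", "10.20.20.1"):
        print(host, check_destination(ASA_CONFIG, host, "192.168.100.0/24", "SPLIT_TUNNEL"))
    print("pool return route via ASA:",
          check_return_route(INSIDE_ROUTER_ROUTES, "192.168.100.0/24", ASA_INSIDE_IP))
```

With the constructed input, 10.10.10.1 passes every ASA-side check while 10.20.20.1 fails only the NAT exemption, and the return-route check fails for both because the inside router sends the pool to 10.1.1.254 instead of the ASA; that last result is the one the ASA's own packet-tracer cannot show you, which is why the original poster saw traffic leave the ASA and reach the endpoint yet never come back.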
