Urgent. anyconnect clients not connecting to next hop.

IMESIreland · ‎02-27-2016

Have an ASA 5506 with 9.5 on it.

so I have a network set up

internal lan is 192.168.5.0
anyconnect clients get 10.10.50.0 addresses.
on the lan theres a gateway at 192.168.5.253 that is the next hop for all 192.168.254.0 addresses. Its defined by static route.

the anyconnect clients need to be able to get to the 192.168.254.0 addresses through this gateway.
In split tunnel I added the 254 address block as a tunneled network.

it just will not connect. I can ping the gateway through the vpn and the route for the 254 network is showing up on the client machine.
nothing showing up in logs about the traffic.

how can I get the vpn traffic to see the next hop.

(packet tracer says it works in both directions so its not an ACL issue id say)

William Quintero Zuniga · ‎02-27-2016

Hi,

From the description of your issue it seems like the problem is not on the ASA nor the VPN configuration, seems more like an internal routing issue. The VPN clients will get an IP within the 10.10.50.0/24 range, does the 192.168.5.253 host have a route for the 10.10.50.0 network pinting to the internal interface IP of the ASA that is facing this network?

Please share the ASA configuration and also try to setup a packet capture on the inside interface of the ASA so we can make sure the traffic is leaving for the internal network, this will also tell us if we are getting replies from the internal network.