10-06-2017 10:12 AM - edited 03-08-2019 12:17 PM
Hi
We have a guest wifi whose SVI terminates on the firewall. I have enabled anyconnect on the inside interface so that I can connect using anyconnect from the inside where the SVI is on a switch.
But I cannot connect if I am on my guest WIFI. So on the guest wifi my traffic hits the SVI on the ASA, then I would expect it to just go to the connected interface Inside, but I keep getting connection failed.
I have checked access rules to allow on the guest svi to the inside ip, and also on the inside out.
When doing the packet trace I get the following result:
Input Interface: Guest
Output Interface: NP Identity Ifc
Info : No route to host
But I see the inside interface as connected so should not expect a route to it?
Thanks
10-06-2017 10:32 AM
Hi,
Can you try this "same-security-traffic permit intra-interface"?
-If I helped you somehow, please, rate it as useful.-
10-06-2017 11:39 AM
You have to use the IP of the guest interface in AnyConnect in this situation.
And webvpn has to be enabled on the guest interface.
10-07-2017 02:40 AM
I have already got "same-security-traffic permit intra-interface" enabled. Did not think about enabling webvpn on the guest interface so hoping it is as simple as that.
I will try this on Monday. Thanks
10-07-2017 02:51 AM
"same-security-traffic permit intra-interface" will not hurt, but is not needed for this situation.
10-12-2017 07:18 AM
That worked a treat, thank you.
Any ideas on how I can get internet access when connected to anyconnect via my guest WIFI? If I connect to anyconnect from the inside, the internet works. If I connect to my guest SSID, the internet works. If I connect to my guest SSID and then connect to anyconnect, the internet does not work.
10-12-2017 12:31 PM
Do you have split tunnel when you connect to the VPN on guest? And do you have DNS on the split tunnel?
This can be a DNS problem.