10-06-2017 10:12 AM - edited 03-08-2019 12:17 PM
Hi
We have a guest WiFi whose SVI terminates on the firewall. I have enabled AnyConnect on the inside interface so that I can connect using AnyConnect from the inside, where the SVI is on a switch.
But I cannot connect if I am on my guest WiFi. On the guest WiFi my traffic hits the SVI on the ASA, and then I would expect it to just go to the connected interface Inside, but I keep getting connection failed.
I have checked access rules to allow on the guest svi to the inside ip, and also on the inside out.
When doing the packet trace I get the following result:
Input Interface: Guest
Output Interface: NP Identity Ifc
Info : No route to host
But I see the inside interface as connected so should not expect a route to it?
Thanks
Accepted Solutions
10-06-2017 11:39 AM
You have to use the IP of the guest interface in AnyConnect in this situation.
And webvpn has to be enabled on the guest interface.
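
The accepted answer expressed as ASA configuration, as an added example that is not part of the original thread. The ASA does not accept to-the-box connections addressed to an interface other than the one the packet arrived on, which is why the trace from Guest to the inside IP ends in "No route to host". The interface names `Guest` (taken from the packet trace) and `inside` are assumed `nameif` values, and the AnyConnect image and group-policy lines are assumed to be configured already.

```cisco
! Before (as described in the question): AnyConnect is only
! terminated on the inside interface, so a guest client that
! targets the inside IP is dropped at the ASA itself.
webvpn
 enable inside
 anyconnect enable
!
! After: also terminate AnyConnect on the interface that guest
! clients actually arrive on. Guest clients then connect to the
! Guest interface IP, not the inside IP.
webvpn
 enable inside
 enable Guest
 anyconnect enable
!
! Confirm which interfaces now accept AnyConnect sessions.
show running-config webvpn
```

Enabling webvpn on `Guest` exposes the VPN login service to every device on the guest network, so it is worth treating that interface like an outside-facing one when reviewing authentication and lockout settings.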
10-06-2017 10:32 AM
Hi,
Can you try this "same-security-traffic permit intra-interface"?
-If I helped you somehow, please, rate it as useful.-
10-07-2017 02:40 AM
I have already got "same-security-traffic permit intra-interface" enabled. Did not think about enabling webvpn on the guest interface, so hoping it is as simple as that.
I will try this on Monday. Thanks
10-07-2017 02:51 AM
"same-security-traffic permit intra-interface" will not hurt, but is not needed for this situation.
10-12-2017 07:18 AM
That worked a treat, thank you.
Any ideas on how I can get internet access when connected to AnyConnect via my guest WiFi? If I connect to AnyConnect from the inside, the internet works. If I connect to my guest SSID, the internet works. If I connect to my guest SSID and then connect to AnyConnect, the internet does not work.
10-12-2017 12:31 PM
Do you have split tunnel when you connect to the VPN on guest? And do you have DNS on the split tunnel?
This can be a DNS problem.
