Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1831
Views
20
Helpful
6
Replies

Anyconnect to inside interface

Go to solution
Mokhalil82
Level 4
Level 4

‎10-06-2017 10:12 AM - edited ‎03-08-2019 12:17 PM

Hi

 

We have a guest wifi whose SVI terminates on the firewall. I have enabled anyconnect on the inside interface so that I can connect using anyconnect from the inside where the SVI is on a switch. 

But I cannot connect if I am on my guest WIFI. So on the guest wifi my traffic hits the SVI on the ASA, then I would expect it to just to the connected interface Inside, but keep getting connection failed.

 

I have checked access rules to allow on the guest svi to the inside ip, and also on the inside out.

When doing the packet trace I get the following result:

Input Interface: Guest

Output Interface: NP Identity Ifc

Info : No route to host

But I see the inside interface as connected so should not expect a route to it?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎10-06-2017 11:39 AM

You have to use the IP of the guest interface in AnyConnect in this situation.

And webvpn has to be enabled on the guest interface.

View solution in original post

6 Replies 6

Go to solution
Flavio Miranda
VIP
VIP

‎10-06-2017 10:32 AM

Hi,

 Can you try this "same−security−traffic permit intra−interface" ?

 

 

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

Go to solution
Karsten Iwen
VIP
VIP

‎10-06-2017 11:39 AM

You have to use the IP of the guest interface in AnyConnect in this situation.

And webvpn has to be enabled on the guest interface.

Go to solution
Mokhalil82
Level 4
Level 4
In response to Karsten Iwen

‎10-07-2017 02:40 AM

I have already got "same−security−traffic permit intra−interface"enabled. Did not think about enabling webvpn on the guest interface so hoping it is as simple as that.

 

I will try this on Monday. Thanks

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Mokhalil82

‎10-07-2017 02:51 AM

"same−security−traffic permit intra−interface" will not hurt, but is not needed for this situation.

Go to solution
Mokhalil82
Level 4
Level 4
In response to Karsten Iwen

‎10-12-2017 07:18 AM

That worked a treat, thankyou

Andy ideas on how I can get internet access when connected to anyconnect via my guest WIFI, if I connect to anyconnect from the inside, the internet works, if I connect to my guest ssid the internet works, if i connect to my guest ssid and then connect to anyconnect, the internet does not work

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Mokhalil82

‎10-12-2017 12:31 PM

Do you have split tunnel when connect to the VPN on guest? And, do you have DNS on the split tunnel?

 This can be DNS problem.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card