ASA Changing management interface causes in Anyconnect/S2S dropout

dmbnex · ‎01-02-2018

Hi.

After changing management interface from internal to dedicated, cisco AnyConnect and S2S VPN traffic stopped working. Changing back resumes the operation.

The VPN which is used to access Management is UP and OK and Access to management over that particular S2S is also OK.

Any ideas what causes behavior like this?

Thanks.

Karsten Iwen · ‎01-03-2018

What exactly did you change?
What do you mean with "stopped working". The VPN at all or only the traffic (from where to where) through the VPN?

dmbnex · ‎01-03-2018

Hi,

I littraly changed the "management interface"from one vlan to another.

after that some of the VPN traffic stopped passing. The AnyConnect VPN stopped working, client could not connect.

the S2S vpn for management did still operate and passed the traffic so I could manage the firewall by the new vlan-management IP over S2S.

When changing back all VPN resumed passing traffic and AnyConnect began to work again.

Im not too sure what exactly stopped about the AnyConnect or VPN as I just changed back to test and it worked again.

What I know for sure is that one of the S2S VPNs was towards the azure and it stopped passing traffic, event it was UP.

Also another VPN which has cryptomaps for new management vlan stopped passing traffic other than management traffic.

Internett did definetly works as I was connected to the fw by WAN-ip.

thanks.