Beginner

AnyConnect Routing Issue?

Hi all,

 

Working through AnyConnect configuration and coming across two issues. A remote test PC cannot connect with error:

 

"The VPN connection was started by a remote desktop user whose remote console has been disconnected. It is presumed the VPN routing configuration is responsible for the remote console disconnect. The VPN connection has been disconnected to allow the remote console to connect again. A remote desktop user must wait 90 seconds after VPN establishment before disconnecting the remote console to avoid this condition."

 

I cannot see how this is a routing issue, any help would be appreciated.

 

Attached is sanitized config.

 

Note I can connect from the inside interface with no issues.

 

Thank you,

Steven

Accepted Solutions
Cisco Employee

Re: AnyConnect Routing Issue?

Hi andrews_steven,

Try configuring split tunnel and making sure the IP address of the AnyConnect pool is not going through the tunnel. If you don't want to use split tunnel you can use exclude specified and only exclude the IP address of the AnyConnect pool.

split tunnel guide:
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

exclude specified:
access-list <name> standard permit <anyconnectpool>
group-policy Vandyke attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value <name>


Hope this info helps!!

Rate if helps you!!

-JP-
Beginner

Re: AnyConnect Routing Issue?

Hi JP,

 

Thank you for your help. So config looks like:

 

access-list <ACLName> standard permit <InternalNetwork>
group-policy <AnyConnectGPName> attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value <ACLName>

 

Thank you for pointing me in the right direction.

 

-Steven
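
Added example, not part of the thread or of Cisco's documentation: a Python audit that reads ASA configuration text and reports, for each group-policy, the split-tunnel mode discussed above and the networks in the standard ACL it references, flagging a network list that points at an undefined ACL. The sample config, policy names and addresses are constructed placeholders, and the function name `audit_split_tunnel` is hypothetical.

```python
import ipaddress
import re

# Constructed sample config: placeholder names and addresses, not the thread's attachment.
SAMPLE = """\
access-list SPLIT_ACL standard permit 10.10.0.0 255.255.0.0
access-list SPLIT_ACL standard permit host 10.20.1.5
group-policy GP_SPLIT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
group-policy GP_EXCLUDE attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value MISSING_ACL
group-policy GP_FULL attributes
 vpn-tunnel-protocol ssl-client
"""

ACL_RE = re.compile(r"access-list (\S+) standard permit (?:host (\S+)|(\S+) (\S+))\s*$")
GP_RE = re.compile(r"group-policy (\S+) attributes\s*$")

def audit_split_tunnel(config):
    """Hypothetical helper: map each group-policy to its split-tunnel settings."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            name, host, net, mask = m.groups()
            cidr = ipaddress.ip_network(f"{host}/32" if host else f"{net}/{mask}", strict=False)
            acls.setdefault(name, []).append(str(cidr))
        elif m := GP_RE.match(line):
            current = policies.setdefault(m.group(1), {"mode": None, "acl": None})
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the group-policy sub-mode
        elif current is not None:
            words = line.split()
            if len(words) == 2 and words[0] == "split-tunnel-policy":
                current["mode"] = words[1]
            elif len(words) == 3 and words[:2] == ["split-tunnel-network-list", "value"]:
                current["acl"] = words[2]
    report = {}
    for name, gp in policies.items():
        # No explicit mode means the value is inherited (tunnelall unless the default was changed).
        mode, issues = gp["mode"] or "inherited", []
        if mode in ("tunnelspecified", "excludespecified"):
            if gp["acl"] is None:
                issues.append("no split-tunnel-network-list")
            elif gp["acl"] not in acls:
                issues.append(f"ACL {gp['acl']} not defined")
        report[name] = {"mode": mode, "networks": acls.get(gp["acl"], []), "issues": issues}
    return report
```

Calling `audit_split_tunnel()` on the text of a saved configuration returns one entry per group-policy, so a review can confirm which networks are tunneled or excluded before the policy is applied to remote users.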

4 REPLIES 4
Beginner

Re: AnyConnect Routing Issue?

Hi JP,

 

Yea this seems to be the issue. I tested a connection this morning from a PC that I was not remoting to. This showed that AnyConnect works but is not sending traffic out the local WAN as I expected.

 

I will go through the process of setting up split tunnel and confirm the fix.

 

Thank you,

Steven
