
Anyconnect unable to reach internal networks

P12Technologies
Level 1

Hi,

I have an ASA 5510 and have configured client VPN, or AnyConnect VPN. When I connect to the ASA remotely using AnyConnect, I am able to get an IP address as configured. From the internal network I can ping and RDP to that AnyConnect VPN desktop, but the problem is that from the remote AnyConnect VPN client I am unable to access the internal network. When I use the ASA packet tracer and check traffic from internal to the AnyConnect pool of addresses, it gives the result OK, but when I use packet tracer to check traffic on the outside interface from the AnyConnect address pool to the internal subnet, it always says the packet is dropped at WebVPN - SVC, and I can find any where related configuration for that.

If anyone can help with this, it would be appreciated.

Thanks

5 Replies

Hi,

Do you have a NAT exempt rule for this traffic?

Thanks in advance.

Portu.

I have the NAT exempt rule, which is why internal to AnyConnect client works fine. Should there be any other NAT exempt?

Oh, so it works one way. Sorry, did not catch that.

Any logs during the connection attempt?

Thanks.

Any particular logs I should look for? I did not check any. Or is there any debug command I should enable on the ASA side?

Hi,

Please do the following:

1- logging buffered debugging

2- capture capin interface inside match ip anyconnect_pool netmask local_network netmask

Then have the clients access the network.

1- show log | inc anyconnect_assigned_ip

2- show cap capin

Let me know.

Thanks.

Portu.
