
Anyconnect VPN Hairpinning, Ping works but nothing else

gregcarvlin
Level 1

Hi all,

We are setting up a Site-To-Site VPN Tunnel and we recently set up hairpinning to get the traffic from outside users through the tunnel. We are now able to ping servers over there, but using anything BUT ping doesn't work. We have the rules currently allowing any traffic to the other site, so I'm not certain why it's getting blocked.

We did have an issue with one of the inspection policies before, and it was blocking everything over there to the datacenter, even ping. Once we disabled the one used for NetFlow data, it worked, so I'm thinking it may be related. Any thoughts?

2 Replies

gregcarvlin
Level 1

To add more of a description to it, we get the following when we run a packet trace:

Source: IP in the VPN Range

Destination: IP in the Remote Site Range

Port: HTTPS for testing

Interface: Outside

Failure

WEBVPN-SVC Action Drop

Info:

(acl-drop) Flow is denied by configured rule

Dear Greg,

Please collect the following outputs:

Before a connection attempt:

logging buffered debugging

logging buffer-size 1048576

clear logging buffer

!

capture drop type asp-drop all

After a connection attempt:

show log | inc AnyConnect_Client_IP

show capture drop | inc AnyConnect_Client_IP

HTH.

Portu.
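
Once the asp-drop capture requested above has been collected, the drops for one AnyConnect client can be tallied by protocol, destination and drop reason, which shows directly whether only TCP flows are hitting `acl-drop`. The script below is an added example and not part of the original thread; it assumes the tcpdump-like line layout that `show capture` prints for an asp-drop capture, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample, laid out the way "show capture" prints an asp-drop
# capture (assumed format); addresses are documentation ranges.
SAMPLE = """\
   1: 10:15:01.100001 198.51.100.10.51000 > 203.0.113.20.443: S 100:100(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
   2: 10:15:02.100002 198.51.100.10.51000 > 203.0.113.20.443: S 100:100(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
   3: 10:15:03.100003 198.51.100.100.137 > 198.51.100.255.137: udp 50 Drop-reason: (sp-security-failed) Slowpath security checks failed
   4: 10:15:04.100004 198.51.100.10.51001 > 203.0.113.20.3389: S 200:200(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
"""

LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+(?P<rest>.*?)"
    r"\s*Drop-reason:\s+\((?P<reason>[^)]+)\)"
)


def split_endpoint(token):
    """'a.b.c.d.port' -> (ip, port); 'a.b.c.d' (e.g. ICMP) -> (ip, None)."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), parts[4]
    return token, None


def protocol(rest):
    """Classify from the first word after the addresses."""
    head = rest.split(" ", 1)[0].rstrip(":")
    if head.lower() in ("icmp", "udp"):
        return head.lower()
    return "tcp" if re.fullmatch(r"[SFPRUWE.]+", head) else "other"


def summarize(capture_text, client_ip):
    """Count drops per (protocol, dst ip, dst port, reason) for one client."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src_ip, _ = split_endpoint(m["src"])
        dst_ip, dst_port = split_endpoint(m["dst"])
        # Exact address match; a substring filter for .10 also hits .100.
        if client_ip not in (src_ip, dst_ip):
            continue
        counts[(protocol(m["rest"]), dst_ip, dst_port, m["reason"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE, "198.51.100.10").most_common():
        print(n, *key)
```

Unlike a plain `| inc` text filter, the address comparison here is exact, so drops belonging to a neighbouring client whose address merely starts with the same digits are not counted.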
