Re: Anyconnect VPN issue

samarthashetty · ‎09-17-2019

Hi Team,

I am running into an issue, wherein once I connect to Anyconnect VPN, I am unable to access one website below.

http://10.14.34.117:81

Checked for type of tunnel: Full tunnel

Checked for NAT: no NAT is used as its completely used for VPN.

Did a packet tracer, found it be allowed.

able to ping and trace the destination from ASA.

Please help me what things I need to check to solve this issue. Thanks in advance.

Regards

Samarth

Marvin Rhoads · ‎09-17-2019

Is the internal site accessible from:

a. internal addresses

b. other VPN clients?

If not, does its routing to your VPN pool subnet get it to the ASA?

samarthashetty · ‎09-17-2019

Hi Marvin,

Please see below

Is the internal site accessible from:

a. internal addresses--> Yes

b. other VPN clients? --> NO, no VPN users are groups can access this site.

Below is the route from ASA:

10.13.137.252 is the IP once connected to VPN.

show route from ASA:

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.13.132.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via 10.13.132.1, UNTRUST
S 10.0.0.0 255.0.0.0 [1/0] via 10.13.132.129, TRUST
C 10.13.132.0 255.255.255.128 is directly connected, UNTRUST
L 10.13.132.2 255.255.255.255 is directly connected, UNTRUST
C 10.13.132.128 255.255.255.128 is directly connected, TRUST
L 10.13.132.130 255.255.255.255 is directly connected, TRUST
V 10.13.137.224 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.137.252 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.137.253 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.4 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.6 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.7 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.8 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.12 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.16 255.255.255.255 connected by VPN (advertised), UNTRUST

PLease let me know for any other details.

Regards

Samarth

samarthashetty · ‎09-17-2019

Hi Experts,

Please share your thoughts on this issue.

regards

samarth

samarthashetty · ‎09-17-2019

Hi experts,

please suggest what things i must check for this issue or am I missing something?

Regards

samarth

Marvin Rhoads · ‎09-18-2019

I had asked "does its routing to your VPN pool subnet get it to the ASA".

I'm talking about the server's routing. Does it's gateway lead to the ASA?

If it does, can you confirm that the server is receiving the VPN client software in the first place (Wireshark on the server is a good tool in this case).

Sachin.Mishra2 · ‎09-18-2019

Hi Marvin,

Thanks for your reply.

Let me check and get back to you.

Regards

Samarth