ASA - No Access to Hosts in DMZ using SSL Anyconnect VPN Client

ITAdmin777
Level 1

Hi Community,

I have an issue whereby we are unable to access any hosts in the DMZ (192.168.22.0/24) when using the SSL AnyConnect VPN client. I suspect an ACL issue somewhere?

On the ASA I found this setting:

Configuration
    --->Remote Access VPN
        --->Network Client Access
            --->Group Policies
                For each Group we have---> Manage IPV4 filter
                    
This is where I see Std ACL with some entries

    Split_Tunnel

        192.168.0.0/16
        
    VPN_Routes
        192.20.3.0/24


Can anyone advise whether I should just add the DMZ (192.168.22.0/24) subnet to the Split_Tunnel Std ACL?

Thank you.

2 Replies

Richard Burts
Hall of Fame

There is not much point in adding 192.168.22.0/24 to the split tunnel ACL because it is already included in 192.168.0.0/16. It might be helpful to add 192.168.22.0 to the VPN_Routes ACL. Can you tell us what is 192.20.3.0/24 that is currently specified in that ACL?

 

Can you verify that devices in the DMZ have a route to the address pool for VPN?

 

HTH

 

Rick


Make sure your VPN traffic is NAT exempted.
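
The containment point from the first reply, as an added example that is not part of the original thread: it parses ASA standard ACL lines and reports, with first-match semantics, whether each ACL already covers the DMZ subnet. The CLI lines in `SAMPLE_CONFIG` are constructed from the names and prefixes shown in the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed ASA-style rendering of the two standard ACLs named in the thread
# (the thread shows only the ACL names and prefixes, not the CLI lines).
SAMPLE_CONFIG = """\
access-list Split_Tunnel standard permit 192.168.0.0 255.255.0.0
access-list VPN_Routes standard permit 192.20.3.0 255.255.255.0
"""

def parse_standard_acls(config):
    """Return {acl_name: [(action, IPv4Network), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "standard":
            continue
        name, action, spec = tok[1], tok[3], tok[4:]
        if spec[0] in ("any", "any4"):
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        else:
            # "address netmask" form, e.g. 192.168.0.0 255.255.0.0
            net = ipaddress.ip_network(spec[0] + "/" + spec[1])
        acls.setdefault(name, []).append((action, net))
    return acls

def verdict(entries, target):
    """First-match result for a whole subnet: permit, deny, partial or no-match."""
    target = ipaddress.ip_network(target)
    for action, net in entries:
        if target.subnet_of(net):
            return action
        if target.overlaps(net):
            return "partial"   # this entry matches only part of the target
    return "no-match"          # falls through to the implicit deny

def report(config, target):
    """Verdict per ACL name for one target subnet."""
    return {name: verdict(entries, target)
            for name, entries in parse_standard_acls(config).items()}

if __name__ == "__main__":
    for name, result in report(SAMPLE_CONFIG, "192.168.22.0/24").items():
        print(f"{name}: {result}")
```

A `permit` here only shows that the ACL already matches the DMZ subnet; the return route from the DMZ to the VPN pool and the NAT exemption raised in the replies still have to be checked on the device.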