Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
725
Views
0
Helpful
1
Replies

No Internet access sporadically when using remote vpn access to corp network.

Maks78
Level 1
Level 1

‎10-11-2019 09:44 AM

 

I know the 1st thing you might say is check Split tunnel settings. This issue is so sporadic that I could not relate it to VPN server (#ASA 5520) split tunnel configuration. Also, for two different users vpn-ed in from two different ISPs , will have 2 different results. one will have local Internet access plus access to corp network  , other won't have Internet access but has access to corp network.

 

I have verified the split tunnel settings as well as Anyconnect vpn client ver 4.5 (allow local LAN access when using vpn). Listed below for your thoughts...

 

group-policy AWS-NY-SSL-GP internal
group-policy AWS-NY-SSL-GP attributes
banner value NONE
dns-server value 10.220.251 10.221.0.251
vpn-idle-timeout 480
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT
default-domain value AWS.com
split-dns value AWS.com AWS.com
split-tunnel-all-dns disable
client-bypass-protocol disable
address-pools value AWS-NY-VPN-Pool
webvpn
anyconnect profiles value AWS-SSL-VPN type user
anyconnect ssl df-bit-ignore enable

 

access-list SPLIT standard permit 10.0.0.0 255.0.0.0
access-list SPLIT standard permit 172.16.0.0 255.240.0.0
access-list SPLIT standard deny 192.168.0.0 255.255.0.0

 

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎10-11-2019 01:28 PM

This almost sounds like a DNS resolution problem.  When the users experience the issue are they able to ping, for example, 8.8.8.8? Also are they able to issue nslookup google.com and get a successful resolution? Compare DNS server of an AnyConnect user that is having the issue with one that is not having the issue.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents