This is my first post on this website and I am very happy I am doing so.
And it's good to mention that I am a noob in firewalls but trying to learn as much as I can.
I have a strange problem in my VPN.
I checked the Cisco documentation on how to configure VPN using AnyConnect and I did all the required things, but I am still not able to connect to my office.
What I would like to make clear is that our connection goes this way:
Internet connection from ISP --- Router --- Firewall --- Core switch --- Access switch.
Is there any configuration that needs to be done on the router?
Are you performing NAT on the router, or does your firewall have a public IP address?
Do you have any access-list on the router that might be blocking the connection? You should open TCP/443 on the router if you have an access-list and if you are using the default port for AnyConnect on the firewall.
Here you can see what our company design looks like, and I am also sending you the firewall configurations; I am not sure if the router is required.
The current group policy assigned to the tunnel group does not exist; that's why it's not working.
Please create the corresponding group policy as follows:
! Networks that should be sent through the tunnel (everything else goes direct)
access-list splitacl permit 10.0.0.0 255.255.0.0
!
group-policy GroupPolicy_sstc internal
group-policy GroupPolicy_sstc attributes
 dns-server value 10.0.X.X
 default-domain value sstc.local
 ! without this line the policy defaults to tunnelall and the list below is ignored
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitacl
Thank you a lot for helping me and supporting me.
I added these commands to my firewall and then I tried to connect to our network using all the IP addresses in the drawing, and on one of the IPs (my Internet public IP address) I got the certificate warning, but when I click accept all I get is this error message:
Unable to process response from 89.237.X.X
Is there any specific thing that should be done also?
Sorry for bothering you a lot with the questions.
Thank you in advance.
You would need to access AnyConnect using the ASA outside interface IP address.
Also, you might want to use the latest version of AnyConnect, version 3.0, instead of version 2.4.
I tried to connect using all the different IP addresses but I'm unable to reach it even using AnyConnect 3.0.
Do you think that it is something to do with the router?
You have NAT configured on the router.
You would need to configure the following on the router for the ASA outside interface IP:
ip nat inside source static
Once I did this as a NAT on my router, all my users were unable to access the internet.
That is very strange; why would that cause users not to access the internet, as they are public IPs?
In that case, configure static PAT:
ip nat inside source static tcp
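An added example of the router-side pieces discussed in this thread (opening TCP/443 and a static PAT towards the ASA outside interface). This is not configuration from the thread, from the poster's network or from Cisco documentation; the addresses, interface names and ACL names are placeholders I chose (203.0.113.10 as the router's single public IP, 192.168.100.2 as the ASA outside interface, GigabitEthernet0/0 as the ISP uplink, GigabitEthernet0/1 towards the ASA). The point it illustrates is the difference between a one-to-one static NAT, which claims the whole public address, and a static PAT, which only redirects the AnyConnect ports and leaves the existing overload rule for user internet access in place.

```cisco
! Added example, not from the thread. All addresses and names are placeholders.
! 203.0.113.10 = router public IP (single address from the ISP)
! 192.168.100.2 = ASA outside interface, behind the router's NAT
!
interface GigabitEthernet0/0
 description ISP uplink
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to ASA outside interface
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
! Dynamic PAT for the users stays exactly as it was; this rule is what gives
! everyone internet access through the router's single public address.
ip access-list standard NAT-INSIDE
 permit 192.168.100.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Static PAT: only the AnyConnect ports are redirected to the ASA.
! TCP/443 carries the SSL tunnel, UDP/443 carries DTLS (optional, but the
! client tries it and falls back to TCP if it is blocked).
! A one-to-one "ip nat inside source static 192.168.100.2 203.0.113.10" would
! instead bind the whole public address to the ASA and conflict with the
! overload rule above, which matches the symptom of users losing internet.
ip nat inside source static tcp 192.168.100.2 443 203.0.113.10 443 extendable
ip nat inside source static udp 192.168.100.2 443 203.0.113.10 443 extendable
!
! If an access-list is applied inbound on the uplink, these two entries must
! be present above its deny lines. Inbound ACLs are checked before NAT, so
! they match the public address, not the ASA address.
ip access-list extended FROM-INTERNET
 permit tcp any host 203.0.113.10 eq 443
 permit udp any host 203.0.113.10 eq 443
!
! Verification after a client attempts to connect:
!   show ip nat translations | include 443
! should list 192.168.100.2:443 <-> 203.0.113.10:443 entries for the client.
```

Two things to check when using this pattern: the ASA itself still has to have AnyConnect enabled on its outside interface and must accept connections from the router's inside address range, and the client is pointed at the router's public address (203.0.113.10 here), not at the ASA outside address, because that private address is not reachable from the internet.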
Also, after doing this I lose connection to the router and also the internet.
This is strange; I have no idea why this is happening.
I checked the outside interface in the firewall and I took the IP address from there.
Post your full configuration so that I can have an overview of what exactly is configured!
I will be sending them to you as a PM,
and if you need to know the real IP address please let me know if this will make it simpler.