07-08-2012 05:10 AM - edited 02-21-2020 06:10 PM
Hello all,
This is my first post on this website and I am very happy to be doing so.
It is also worth mentioning that I am a noob at firewalls, but I am trying to learn as much as I can.
I have a strange problem with my VPN.
I checked the Cisco documentation on how to configure VPN using AnyConnect and I did all the required things, but I am still not able to connect to my office.
What I would like to make clear is that our connection goes this way:
Internet connection from ISP --- Router --- Firewall --- Core switch --- Access switch.
Is there any configuration that needs to be done on the router?
07-08-2012 05:48 AM
Are you performing NAT on the router, or does your firewall have a public IP address?
Do you have any access list on the router that might be blocking the connection? You should open TCP/443 on the router if you have an access list and if you are using the default port for AnyConnect on the firewall.
07-08-2012 08:41 AM
Hello Jennifer,
Here you can see how our company design is, and I am also sending you the firewall configuration. I am not sure whether the router is required.
07-08-2012 07:13 PM
The current group policy assigned to the tunnel group does not exist, that's why it's not working.
Please create the corresponding group policy as follows:
access-list splitacl permit 10.0.0.0 255.255.0.0
group-policy GroupPolicy_sstc internal
group-policy GroupPolicy_sstc attributes
 dns-server value 10.0.X.X
 vpn-tunnel-protocol ssl-client
 default-domain value sstc.local
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitacl
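As an added example (not part of the thread and not the original poster's configuration), here is the rest of the ASA side that the group policy above has to hang off: the address pool, the SSL VPN listener, and the tunnel group whose default-group-policy must name a policy that actually exists. It assumes ASA 8.4 syntax, a tunnel group named sstc (inferred from the name GroupPolicy_sstc, but an assumption), a client pool of 10.0.200.1-10.0.200.100, and an AnyConnect 3.0 package already copied to disk0:; the package filename is a placeholder.

```cisco
! Added example, not from the thread. Assumed: ASA 8.4 syntax, tunnel group
! "sstc", pool 10.0.200.1-10.0.200.100, package filename placeholder.
!
! Client addresses handed to AnyConnect users; must not overlap the LAN.
ip local pool SSTC-POOL 10.0.200.1-10.0.200.100 mask 255.255.255.0
!
! Group policy from the post above (10.0.X.X is the internal DNS server).
access-list splitacl standard permit 10.0.0.0 255.255.0.0
group-policy GroupPolicy_sstc internal
group-policy GroupPolicy_sstc attributes
 dns-server value 10.0.X.X
 vpn-tunnel-protocol ssl-client
 default-domain value sstc.local
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitacl
!
! SSL VPN listener on the outside interface (TCP/443, plus DTLS on UDP/443)
! and the client package it will push out.
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.0.XXXX-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
! The tunnel group is what binds a connection to a group policy. If
! default-group-policy names a policy that does not exist, logins fail with
! the symptom described above.
tunnel-group sstc type remote-access
tunnel-group sstc general-attributes
 address-pool SSTC-POOL
 default-group-policy GroupPolicy_sstc
tunnel-group sstc webvpn-attributes
 group-alias sstc enable
!
! Checks: both commands must return output, and the second must reference
! the first.
! show running-config group-policy GroupPolicy_sstc
! show running-config tunnel-group sstc
```

Traffic between the LAN and the VPN pool also needs a NAT exemption on the ASA (nat 0 access-list on 8.2, a source static twice-NAT rule on 8.3 and later); that part depends on the ASA version and is omitted here.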
07-08-2012 10:24 PM
Dear Jennifer,
Thank you a lot for helping and supporting me.
I added these commands to my firewall and then I tried to connect to our network using all the IP addresses in the drawing. On one of the IPs (my Internet public IP address) I got the certificate warning, but when I clicked accept, all I got was this error message:
Unable to process response from 89.237.X.X
Is there any specific thing that should also be done?
Sorry for bothering you with so many questions.
Thank you in advance.
07-08-2012 10:39 PM
You would need to access AnyConnect using the ASA outside interface IP address.
Also, you might want to use the latest version of AnyConnect, version 3.0, instead of version 2.4.
07-08-2012 11:28 PM
Hello Jennifer.
I tried to connect using all the different IP addresses, but I am unable to reach it even using AnyConnect 3.0.
Do you think it has something to do with the router?
07-09-2012 01:37 AM
You have NAT configured on the router.
You would need to configure the following on the router for the ASA outside interface IP:
ip nat inside source static
07-09-2012 01:52 AM
Thank you Jennifer,
but is there a specific port?
Or should I just add it this way?
07-09-2012 01:53 AM
You can just add a static NAT with only the IP address instead of with a port.
07-09-2012 02:22 AM
Hello Jennifer,
Once I did this as a NAT on my router, all my users were unable to access the Internet.
Thank you
07-09-2012 02:55 AM
That is very strange; why would that cause users not to be able to access the Internet, as they are public IPs?
In that case, configure static PAT:
ip nat inside source static tcp
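As an added example (not from the thread, and not the poster's router configuration), here is a complete IOS fragment for the static PAT suggested above, together with the access list entries from the earlier reply. The addressing is assumed: the router's Internet-facing interface is GigabitEthernet0/0 with public address 203.0.113.10/29 and is already used for outbound PAT overload, the LAN-facing interface is GigabitEthernet0/1 at 192.168.1.1/24, and the ASA outside interface is 192.168.1.2 with 192.168.1.1 as its default gateway. Replace all of these with the real values.

```cisco
! Added example, not from the thread. Assumed addressing: 203.0.113.10/29
! on Gi0/0 (public, overloaded), 192.168.1.1/24 on Gi0/1, ASA outside at
! 192.168.1.2.
interface GigabitEthernet0/0
 description Internet (ISP)
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description Towards ASA outside interface
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Outbound PAT for everything behind the router stays as it was.
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Static PAT: only TCP/443 (AnyConnect SSL) and UDP/443 (DTLS, optional but
! recommended) arriving on the router's public address are forwarded to the
! ASA. Because the "interface" keyword shares the address with the overload
! rule, outbound browsing is unaffected. A one-to-one static for the ASA
! should only be used with a spare public address that is not the router's
! own interface address.
ip nat inside source static tcp 192.168.1.2 443 interface GigabitEthernet0/0 443
ip nat inside source static udp 192.168.1.2 443 interface GigabitEthernet0/0 443
!
! If an inbound access list is applied to Gi0/0, add these two lines to it
! above its final deny. The ACL is evaluated before NAT, so it matches the
! public address, not 192.168.1.2.
ip access-list extended INBOUND
 permit tcp any host 203.0.113.10 eq 443
 permit udp any host 203.0.113.10 eq 443
!
! Checks after a connection attempt from the Internet:
! show ip nat translations | include 443
! show ip access-lists INBOUND
```

With this in place, AnyConnect users connect to 203.0.113.10 (the router's public address), not to the ASA's 192.168.1.2; the certificate warning seen earlier is expected if the ASA identity certificate does not match that address.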
07-09-2012 03:07 AM
Hello again,
Also, after doing this I lose connection to the router and also the Internet.
This is strange; I have no idea why this is happening.
I checked the outside interface on the firewall and I took the IP address from there.
07-09-2012 03:22 AM
Hi Judeh,
Post your full configuration so that I can have an overview of what exactly is configured !
Best Regards,
Tony
07-09-2012 03:56 AM
Hello Tony,
I will be sending them to you as a PM,
and if you need to know the real IP address, please let me know if this will make it simpler.