Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2532
Views
0
Helpful
3
Replies

one VPN client can't ping one of servers by IP

Go to solution
chicagotech
Level 1
Level 1

‎02-07-2017 01:57 PM

Our VPN users use Cisco AnyConnect VPN to access network resources. The VPN server is Cisco ASA firewall. After establishing the VPN, the user can access everything except one of SQL server from his laptop. Ping the IP doesn't reply. The same VPN rules apply to all VPN users. If I try my login ID on his laptop, I have the same problem. If we try his ID on other computers, it works. I have tried to disable anti virus, firewall, but can't fix it. Any suggestions?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎02-07-2017 04:01 PM

Since this looks like a client side problem, I would look at the route table of the PC after successful connection into ASA. If you are using split tunnels, the ASA and Anyconnect client installs routes in your routing table for all the split networks. What I would look for is a conflicting route for that server ip address.

Another possible avenue for troubleshooting is to apply Wireshark captures on the Anyconnect and physical adapter when testing pings to the servers. You should see traffic go through to the VPN adapter is the rules are correct.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎02-07-2017 04:01 PM

Since this looks like a client side problem, I would look at the route table of the PC after successful connection into ASA. If you are using split tunnels, the ASA and Anyconnect client installs routes in your routing table for all the split networks. What I would look for is a conflicting route for that server ip address.

Another possible avenue for troubleshooting is to apply Wireshark captures on the Anyconnect and physical adapter when testing pings to the servers. You should see traffic go through to the VPN adapter is the rules are correct.

0 Helpful

Go to solution
blin
Level 1
Level 1
In response to Rahul Govindan

‎02-09-2017 02:52 PM

Thank you for reply. I open a case with Cisco. The Cisco Engineer confirms it is client issue because it never reaches the ASA when ping. After 3 hours troubleshooting, he can't fix it and suggests us to reinstall the OS. Any other suggestions?

0 Helpful

Go to solution
chicagotech
Level 1
Level 1
In response to blin

‎02-16-2017 06:41 PM

the routing table was getting updated by an unknown reason due to which default gateway was changing to 10.0.0.1 instead of 192.168.1.254.

 

The details of the case can be found here:

http://www.chicagotech.net/netforums/viewtopic.php?f=5&t=19436&sid=6ed89403d3401a9fed73b31ca8f40a79

0 Helpful
Customers Also Viewed These Support Documents