cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1664
Views
0
Helpful
1
Replies

anyconnect can't reach local networks - webvpn-svc drop

nicolas figaro
Level 1
Level 1

Hi all,

I configured anyconnect using the asdm wizard, but I can't get acces to internal ressources.

The connection is established, but packet-tracer shows that the communication is dropped due to the following :

Phase: 7

Type: WEBVPN-SVC

Subtype: in

Result: DROP

Config:

Additional Information:

Forward Flow based lookup yields rule:

in  id=0x7fff359dc660, priority=70, domain=svc-ib-tunnel-flow, deny=false

        hits=40, user_data=0x22000, cs_id=0x0, reverse, flags=0x0, protocol=0

        src ip/id=x.x.x.x, mask=255.255.255.255, port=0, tag=0

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0

        input_ifc=outside, output_ifc=any

x.x.x.x is the IP assigned to the anyconnect client from the pool.

could anyone indicate how to modify the configuration to avoid such a drop ?

thanks

1 Reply 1

Rashid Thompson
Level 1
Level 1

Can you try the packet trace from the inside?

For Example:

packet-tracer input inside tcp 10.1.1.1 1024 10.4.1.1 23