03-29-2016 07:50 AM
Hi Guys,
For some time now I have had a problem with a Cisco ASA firewall: I can connect to the firewall itself just fine through AnyConnect, but I cannot access any internal resources on the remote network. I have tried adding and removing NAT rules as well as ACL, but no luck. It might be something very simple I have overlooked. I hope somebody can help me!
I'm trying to connect from the internet to network 192.168.110.0 and from there access 192.168.104.0.
I have attached the config.
Thanks in advance!
03-29-2016 08:33 AM
Hi,
I see that you are using the ACL:
access-list nonat-mgmt-client extended permit ip 192.168.110.0 255.255.255.0 20.20.20.0 255.255.255.0
access-list nonat-mgmt-server extended permit ip 192.168.104.0 255.255.255.0 20.20.20.0 255.255.255.0
But this ACL is not called under the
I see two
group-policy GroupPolicy_thuiswerken internal
group-policy "GroupPolicy_ Admin" attributes
Under the concerned group-policy can you add two more lines:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value nonat-mgmt-server
Regards,
Aditya
Please rate helpful posts.
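Added example, not part of the reply above and not Cisco tooling: a small Python audit that reads a saved ASA running-config and reports, per group-policy, whether `split-tunnel-policy tunnelspecified` and a `split-tunnel-network-list` are set, and which ACLs are not used as a split-tunnel list. The sample config is constructed from the names quoted in this thread (the `vpn-tunnel-protocol` line and the block layout are assumptions), and the function names are hypothetical.

```python
import shlex

# Constructed sample, not the poster's attached config; names reuse those quoted in the thread.
SAMPLE_CONFIG = '''\
access-list nonat-mgmt-client extended permit ip 192.168.110.0 255.255.255.0 20.20.20.0 255.255.255.0
access-list nonat-mgmt-server extended permit ip 192.168.104.0 255.255.255.0 20.20.20.0 255.255.255.0
group-policy GroupPolicy_thuiswerken internal
group-policy GroupPolicy_thuiswerken attributes
 vpn-tunnel-protocol ssl-client
group-policy "GroupPolicy_ Admin" internal
group-policy "GroupPolicy_ Admin" attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nonat-mgmt-server
'''

def audit_split_tunnel(config_text):
    """Return (policies, acls_not_used_as_split_tunnel_list) for an ASA config text."""
    acls, policies, current = set(), {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        tokens = shlex.split(raw)   # keeps quoted names such as "GroupPolicy_ Admin" whole
        if not raw[0].isspace():
            current = None          # any top-level line ends the previous attributes block
            if tokens[0] == "access-list" and len(tokens) > 1:
                acls.add(tokens[1])
            elif tokens[0] == "group-policy" and tokens[2:3] == ["attributes"]:
                current = policies.setdefault(tokens[1], {"policy": None, "acl": None})
        elif current is not None:
            if tokens[0] == "split-tunnel-policy" and len(tokens) > 1:
                current["policy"] = tokens[1]
            elif tokens[:2] == ["split-tunnel-network-list", "value"] and len(tokens) > 2:
                current["acl"] = tokens[2]
    referenced = {p["acl"] for p in policies.values() if p["acl"]}
    return policies, sorted(acls - referenced)

def report(config_text):
    """Build one human-readable finding per group-policy and per unused ACL."""
    policies, unused = audit_split_tunnel(config_text)
    lines = []
    for name, p in policies.items():
        ok = p["policy"] == "tunnelspecified" and p["acl"] is not None
        verdict = "ok" if ok else "no split-tunnel list"
        lines.append(f"{name!r}: policy={p['policy']} acl={p['acl']} -> {verdict}")
    lines += [f"ACL {a} is not used as a split-tunnel list" for a in unused]
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```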
03-30-2016 12:56 AM
Hi Aditya,
Thanks for your reply! Unfortunately, no luck. Added the rule to the policy, but I still cannot access the resources.
Regards,
Petro
03-30-2016 03:25 AM
Hi Aditya,
I'm sorry to say I overlooked something, as I suspected earlier: the firewall was actually working fine! I should not have forgotten to configure the default gateway on the remote device; I could not believe it when I found out.
Anyway, thank you for your time.
Regards,
Petro