Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
699
Views
5
Helpful
2
Replies

Anyconnect client cant connect to another subnet behind ASA

Go to solution
vitaliyglioza
Level 1
Level 1

‎12-13-2018 08:48 AM - edited ‎02-21-2020 09:31 PM

Hi !

Have a problem with a routing, I guess.

A laptop connect to ASA1 with anyconnect. I can connect to subnet 192.168.2.0 with no problem, but cant reach  LAN-B (ASA2).

Connection between Lan-A and Lan-B work properly.

I added vpn-pool subnet to nat and acl - but still nothing.

Can somebody help me whith some advice ?

Untitled Diagram.jpg

Labels:
Preview file
20 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎12-14-2018 05:35 AM

Hi vitaliyglioza,

 

You have the ACL of the interesting traffic right but you are missing the uturn nat to allow the traffic coming from the AnyConnect to go back through the outside through a S2S tunnel:

 

nat (out,out) source static NETWORK_OBJ_10.200.200.0_25 NETWORK_OBJ_10.200.200.0_25 destination static Glevakha_192.168.1.0 Glevakha_192.168.1.0 no-proxy-arp route-lookup

same-security-traffic permit intra-interface

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

 

View solution in original post

2 Replies 2

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎12-14-2018 05:35 AM

Hi vitaliyglioza,

 

You have the ACL of the interesting traffic right but you are missing the uturn nat to allow the traffic coming from the AnyConnect to go back through the outside through a S2S tunnel:

 

nat (out,out) source static NETWORK_OBJ_10.200.200.0_25 NETWORK_OBJ_10.200.200.0_25 destination static Glevakha_192.168.1.0 Glevakha_192.168.1.0 no-proxy-arp route-lookup

same-security-traffic permit intra-interface

 

Hope this info helps!!

 

Rate if helps you!! 

 

-JP- 

 

Go to solution
vitaliyglioza
Level 1
Level 1
In response to JP Miranda Z

‎12-17-2018 02:26 AM

Thanks a lot !

I dont know why I forget about nat ?))

P.S. The most quick and helpful solution for me on this forum.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents