
Anyconnect Clients Cannot Communicate with each other

I have an issue that I've been pulling my hair out on. My telecommuters connect to our corp. network via an AnyConnect VPN connection (version 3.1) to a Cisco ASA5520. I do not have split tunneling enabled for this profile, so all traffic should traverse the tunnel, and all clients are in the same L3 subnet as far as their VPN IP address goes. The problem is the telecommuter PCs cannot communicate with each other (pings/RDP/etc.). When watching the log I can see traffic sourced from one destined for another; nothing is getting denied, but they do not communicate. From my corp. network I can communicate with both AnyConnect PCs fine. When I go to Monitoring | Routes in ASDM I can see each host that is connected to the ASA via AnyConnect, and the gateway for each is the default gateway of the ASA.

Am I missing some setting in the VPN profile that is preventing access between these hosts? I would think something would show up in the log....

Accepted Solutions
VIP Advisor

Anyconnect Clients Cannot Communicate with each other

Have you enabled hairpinning and also a NAT exempt between the AnyConnect users?

same-security-traffic permit intra-interface
object network AnyConnect_users
 subnet
nat (outside,outside) source static AnyConnect_users AnyConnect_users destination static AnyConnect_users AnyConnect_users

If this doesn't sort out your issue, please post a full sanitized configuration of your ASA.

--
Please remember to select a correct answer and rate helpful posts
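
The two settings named in the answer above can be checked against a saved running-config before and after a change. This is an added example, not part of the original thread or any Cisco tooling; the function name `audit_hairpin`, the sample configs and the pool subnet 10.10.50.0/24 are constructed for illustration.

```python
import re

# Twice-NAT rule shape from the accepted answer:
#   nat (if,if) source static A A destination static B B [options]
NAT_RE = re.compile(
    r"^nat \((?P<in_if>[^,]+),(?P<out_if>[^)]+)\)\s+(?:after-auto\s+)?(?:\d+\s+)?"
    r"source static (?P<s_real>\S+) (?P<s_map>\S+) "
    r"destination static (?P<d_map>\S+) (?P<d_real>\S+)(?P<opts>.*)$"
)

def audit_hairpin(config, pool_object, interface="outside"):
    """Report which client-to-client (hairpin) settings a config contains."""
    found = {"intra_interface": False, "pool_object": False, "identity_nat": False}
    lines = config.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line == "same-security-traffic permit intra-interface":
            found["intra_interface"] = True
        elif line == f"object network {pool_object}":
            # The object only counts if an address line is nested under it.
            nested = lines[i + 1] if i + 1 < len(lines) else ""
            parts = nested.split()
            found["pool_object"] = (nested[:1] == " " and len(parts) >= 2
                                    and parts[0] in ("subnet", "range", "host"))
        else:
            m = NAT_RE.match(line)
            # A rule marked "inactive" is configured but not applied.
            if m and "inactive" not in m["opts"].split():
                same_if = m["in_if"] == m["out_if"] == interface
                names = {m["s_real"], m["s_map"], m["d_map"], m["d_real"]}
                if same_if and names == {pool_object}:
                    found["identity_nat"] = True
    return found

# Constructed sample configs; 10.10.50.0/24 is an assumed VPN pool.
INTRA_ONLY = """\
same-security-traffic permit intra-interface
object network AnyConnect_users
 subnet 10.10.50.0 255.255.255.0
"""
FULL = INTRA_ONLY + (
    "nat (outside,outside) source static AnyConnect_users AnyConnect_users "
    "destination static AnyConnect_users AnyConnect_users\n"
)

if __name__ == "__main__":
    for name, cfg in (("intra-only", INTRA_ONLY), ("full", FULL)):
        print(name, audit_hairpin(cfg, "AnyConnect_users"))
```
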


Anyconnect Clients Cannot Communicate with each other

Thanks for the reply Marius! I fixed this by just running "same-security-traffic permit intra-interface" on the ASA, I did not need to add the hairpin natting.

Thanks for the help....Jeff

VIP Advisor

Anyconnect Clients Cannot Communicate with each other

Glad you got it working!

Thank you for rating the post.

Beginner

Re: Anyconnect Clients Cannot Communicate with each other

Hi,

I have exactly the same issue. I did what you suggested and the problem still remains. What else can I do?

Kind Regards

WS

Rising star

Re: Anyconnect Clients Cannot Communicate with each other

Hi,

Start a new thread and post the config.

Regards,

Cristian Matei.