11-13-2013 11:56 AM - edited 02-21-2020 07:19 PM
I have an issue that I've been pulling my hair out on... my telecommuters connect to our corp. network via an AnyConnect VPN connection (version 3.1) to a Cisco ASA5520. I do not have split tunneling enabled for this profile, so all traffic should traverse the tunnel, and all clients are in the same L3 subnet... as far as their VPN IP address goes. The problem is the telecommuter PCs cannot communicate with each other (pings/RDP/etc.). When watching the log I can see traffic sourced from one destined for another, nothing is getting denied, but they do not communicate. From my corp. network I can communicate with both AnyConnect PCs fine. When I go to Monitoring | Routes in ASDM I can see each host that is connected to the ASA via AnyConnect, and the gateway for each is the default gateway of the ASA.
Am I missing some setting in the VPN profile that is preventing access between these hosts? I would think something would show up in the log...
11-16-2013 03:00 PM
Have you enabled hairpinning and also a NAT exemption between the AnyConnect users?
same-security-traffic permit intra-interface
object network AnyConnect_users
subnet
nat (outside,outside) source static AnyConnect_users AnyConnect_users destination static AnyConnect_users AnyConnect_users
If this doesn't sort out your issue, please post a full sanitized configuration of your ASA.
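An added example, not part of the original posts: a Python check that reads a saved ASA running-config and reports which of the two settings from the reply above are present, which also tells a reviewer whether VPN clients are allowed to reach each other. The sample config is constructed, its subnet is a documentation-range placeholder, and the function name `audit_hairpin` is hypothetical.

```python
import re

# Constructed sample running-config fragment; the subnet is a placeholder
# from the documentation range, not a value from the thread.
SAMPLE_CONFIG = """\
hostname asa-example
same-security-traffic permit intra-interface
object network AnyConnect_users
 subnet 192.0.2.0 255.255.255.0
nat (outside,outside) source static AnyConnect_users AnyConnect_users destination static AnyConnect_users AnyConnect_users
"""

NAT_RE = re.compile(
    r"^nat \((?P<real>\S+),(?P<mapped>\S+)\) source static (?P<src>\S+) (?P<src_m>\S+)"
    r"(?: destination static (?P<dst>\S+) (?P<dst_m>\S+))?")

def audit_hairpin(config, pool_object):
    """Report which of the thread's two settings appear in a running-config."""
    result = {"intra_interface": False, "pool_subnet": None, "hairpin_nat": []}
    current_object = None
    for raw in config.splitlines():
        ln = raw.rstrip()
        if ln == "same-security-traffic permit intra-interface":
            result["intra_interface"] = True
        if not ln.startswith(" "):
            # Top-level line: note whether it opens a network object definition.
            m = re.match(r"object network (\S+)$", ln)
            current_object = m.group(1) if m else None
        elif current_object == pool_object and ln.strip().startswith("subnet "):
            result["pool_subnet"] = ln.strip()[len("subnet "):]
        m = NAT_RE.match(ln)
        # Identity NAT on one interface: same interface twice, and the pool
        # object translated to itself as both source and destination.
        if (m and m["real"] == m["mapped"]
                and m["src"] == m["src_m"] == pool_object
                and m["dst"] == m["dst_m"] == pool_object):
            result["hairpin_nat"].append(m["real"])
    return result

if __name__ == "__main__":
    print(audit_hairpin(SAMPLE_CONFIG, "AnyConnect_users"))
```
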
11-20-2013 12:33 PM
Thanks for the reply, Marius! I fixed this by just running "same-security-traffic permit intra-interface" on the ASA; I did not need to add the hairpin natting.
Thanks for the help....Jeff
11-20-2013 12:35 PM
Glad you got it working!
Thank you for rating the post.
03-26-2020 08:57 AM
Hi,
I have exactly the same issue. I did what you suggested and the problem still remains. What else can I do?
Kind Regards
WS
03-26-2020 09:38 AM
Hi,
Start a new thread and post the config.
Regards,
Cristian Matei.