Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
1
Replies

anyconnect config problem

dkraatz
Level 1
Level 1

‎12-28-2012 08:34 AM - edited ‎02-21-2020 06:35 PM

Hey guys,

I need a little help.  I am able to connect through the anyconnect with no problem.  I can browse to file shares, but when I try to open a web page hosted on our internal server it is never able to load it.  I am attaching my config in hopes someone can spot what I have missed.

Thanks for any help you can provide,

Brandon

Labels:
140598-CAPTURE.TXT.zip
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎12-28-2012 10:34 AM

Hi,

The configurations seems a bit confusing to me.

I mean the following things

  • VPN configurations configured under some sort of default tunnel-groups
  • NAT0 ACL "106" for the "inside" interface seems to contain alot of lines that to my understanding dont do anything
    • Some source networks are not behind the "inside" interface at all
  • The Split tunnel ACL "acl-out" seems to also contain random networks also

Can you confirm what you use the VPN Client connection for? Is it only for connecting to the LAN behind the ASA? Or is there perhaps some connections that you take from the VPN Client to some networks behind the L2L VPN connections configured on the ASA?

If possible I would recomend going through the whole VPN configuration and simplifying it (With regards to the AnyConnect configurations)

I suppose you are using DNS/URL to connect to the Web servers from the VPN Client? You seem to be using Internal DNS servers for the VPN Clients so the DNS replies should be coming from there in that case. Are you sure that this problem isnt related to perhaps your VPN Client getting the wrong IP address with the DNS reply from the LAN server? Have you checked the logs through ASDM while you have attempted the connections to the web servers and seen what happens to the attempts?

Can you also provide specific IP addresses related to the connection attempts?

- Jouni

0 Helpful
Customers Also Viewed These Support Documents