AnyConnect default gateway issue

itadmin
Level 1

Hi Everyone,

I have built a new AnyConnect VPN link which I need to get running ASAP.

The issue that I am having is that I can initially get the client to download the AnyConnect software and connect, but it cannot ping the default gateway and therefore cannot access anything. I am new to VPNs, especially AnyConnect, and could do with a little advice.

I have installed the config onto a 5510, with 8.4(4) software installed. When I installed it onto a spare 5505 that we have, which is also on 8.4(4), I found that it created a temporary interface that was used as the default gateway for the VPN, but this does not seem to be the case for the 5510.

Would it be possible to look through my config and see if there is something amiss with it?

Thanks

group-policy besttelGP internal

group-policy besttelGP attributes

vpn-tunnel-protocol ssl-client

tunnel-group besttel_tun type remote-access

tunnel-group besttel_tun general-attributes

exit

username XXXXX password XXXXX

username Besttel attributes

vpn-group-policy besttelGP

service-type remote-access

webvpn

enable outside

anyconnect image disk0:/anyconnect-win-3.0.08057.k9.pkg

anyconnect enable

ip local pool besttel_pool 10.10.252.10-10.10.252.20 mask 255.255.255.0

group-policy besttelGP attributes

address-pools value besttel_pool

exit

access-list besttel_vpn_acl standard permit host 10.10.6.9

access-list besttel_vpn_acl standard permit host 10.10.6.10

access-list besttel_vpn_acl standard permit host 10.15.1.5

access-list besttel_vpn_acl standard deny any

sysopt connection permit-vpn

group-policy besttelGP attributes

vpn-filter value besttel_vpn_acl

crypto key generate rsa label BesttelVPN

crypto ca trustpoint BESTTELTRUST

enrollment self

keypair BesttelVPN

crypto ca enroll BESTTELTRUST nonconfirm

exit

ssl trust-point BESTTELTRUST outside

itadmin
Level 1

Sorry, I forgot to mention. The 5510 does not seem to build an IP address into its table that the VPN client can use as its default gateway, so the AnyConnect software builds, by default, a default gateway of the 1st usable IP address within the given subnet, but this is pointing to nothing as the ASA does not have it configured. Do I have to manually configure this IP address, or is it a command that I am missing?

Thanks

Jake

I have fixed the issues now. I couldn't understand where the default route was pointing to, as it did not come up on the ASA, but it seems to be able to access the ASA anyway. The issue was fixed by stopping the NAT translations for the VPN subnet.
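
For readers landing on this thread: the fix described above (exempting the VPN pool from NAT) looks roughly like this on 8.4 code. This is an added example, not configuration posted by anyone in the thread. The interface name `inside` and the object names are assumptions; the pool subnet and the three hosts are taken from the config in the first post.

```cisco
! Added example: NAT exemption (identity twice-NAT) for AnyConnect traffic.
! Assumption: the internal interface is named "inside"; object names are made up.

! The AnyConnect address pool from the original post (besttel_pool)
object network BESTTEL_VPN_POOL
 subnet 10.10.252.0 255.255.255.0

! The internal hosts the vpn-filter ACL in the original post permits
object-group network BESTTEL_VPN_TARGETS
 network-object host 10.10.6.9
 network-object host 10.10.6.10
 network-object host 10.15.1.5

! Translate source and destination to themselves, i.e. do not NAT this flow.
! Twice-NAT rules are evaluated in order, so this must sit above any
! dynamic PAT rule that would otherwise match the internal hosts.
nat (inside,outside) source static BESTTEL_VPN_TARGETS BESTTEL_VPN_TARGETS destination static BESTTEL_VPN_POOL BESTTEL_VPN_POOL no-proxy-arp route-lookup

! Checks to run from exec mode afterwards:
!   show nat detail
!     (the exemption should be listed ahead of the PAT rule, with hit counts rising)
!   packet-tracer input inside icmp 10.10.6.9 8 0 10.10.252.10 detailed
!     (the NAT phase should show the identity rule, not a translation to the outside address)
```

Keeping the exemption scoped to the hosts the filter ACL already permits, rather than to whole internal subnets, means the NAT rule does not open a return path to anything the VPN policy was not meant to reach.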