cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
436
Views
0
Helpful
2
Replies

Anyconnect multiple VLANs routed by Core Switch

Hello,

  I have an ASA5525X with AnyConnect working correctly to the default VLAN. It is trunked to a 4500X core switch stack with multiple VLANs and VSI's respectively. Default VLAN is 172.16.100.0/24 and my ASA Policy includes Secured Routes:172.16.0.0/16, 172.16.100.0/24, 172.16.104.0/24. My second VLAN that is not accessible is: 172.16.104.0/24.

Can someone help me figure out why the VPN Clients cannot see the additional VLANs?

I'm using the Anyconnect Address Assignment, but it doesn't give me an option to configure the gateway, so I believe the traffic is flowing only through ASA and either getting blocked by an ACL or not making it to the Gateway 172.16.104.1.

Best Regards,

-Scott

1 Accepted Solution

Accepted Solutions

gaowen
Beginner
Beginner

All your secured routes are in the same subnet?

View solution in original post

2 Replies 2

gaowen
Beginner
Beginner

All your secured routes are in the same subnet?

hmmm. I'm not sure what you mean when you say same subnet. Internally, I can communicate interVLAN between 172.16.100.0/24 and 172.16.104.0/24.  My Address Pool for the VPN is 172.16.114.10-172.16.114.250. ICMP traffic is flowing internal to external and external to internal on the default VLAN. 

I just found that I was able to enable these additional VLANs by creating new Network Objects for the VLAN and then adding them to my inside --> outside NAT Rule that included my OBJ_VPN_POOL.

Thank you for your help!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers