04-03-2017 07:12 AM - edited 02-21-2020 09:13 PM
Hello,
I have an ASA5525X with AnyConnect working correctly to the default VLAN. It is trunked to a 4500X core switch stack with multiple VLANs and VSIs respectively. The default VLAN is 172.16.100.0/24 and my ASA policy includes Secured Routes: 172.16.0.0/16, 172.16.100.0/24, 172.16.104.0/24. My second VLAN that is not accessible is 172.16.104.0/24.
Can someone help me figure out why the VPN Clients cannot see the additional VLANs?
I'm using the AnyConnect Address Assignment, but it doesn't give me an option to configure the gateway, so I believe the traffic is flowing only through the ASA and is either getting blocked by an ACL or not making it to the gateway 172.16.104.1.
Best Regards,
-Scott
04-03-2017 09:35 AM
All your secured routes are in the same subnet?
04-03-2017 09:56 AM
Hmmm. I'm not sure what you mean when you say same subnet. Internally, I can communicate inter-VLAN between 172.16.100.0/24 and 172.16.104.0/24. My address pool for the VPN is 172.16.114.10-172.16.114.250. ICMP traffic is flowing internal to external and external to internal on the default VLAN.
I just found that I was able to enable these additional VLANs by creating new Network Objects for the VLAN and then adding them to my inside --> outside NAT Rule that included my OBJ_VPN_POOL.
Thank you for your help!
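The fix described in the accepted answer, written out as an added ASA configuration example (this is not the poster's configuration): an identity (exemption) NAT rule between the inside VLAN objects and the VPN pool, plus the checks and the access-control caveat that go with it. The object names OBJ_VLAN100, OBJ_VLAN104 and OG_INSIDE_VLANS, the interface names inside/outside, the pool name and the placeholder next-hop address are assumptions.

```cisco
! AnyConnect pool from the thread
ip local pool VPN_POOL 172.16.114.10-172.16.114.250 mask 255.255.255.0

object network OBJ_VPN_POOL
 range 172.16.114.10 172.16.114.250

! One object per internal VLAN that VPN clients must reach (names assumed)
object network OBJ_VLAN100
 subnet 172.16.100.0 255.255.255.0
object network OBJ_VLAN104
 subnet 172.16.104.0 255.255.255.0

! Group the VLANs so a single exemption rule covers all of them
object-group network OG_INSIDE_VLANS
 network-object object OBJ_VLAN100
 network-object object OBJ_VLAN104

! Identity NAT (NAT exemption): inside VLANs <-> VPN pool keep their real
! addresses, so the dynamic inside->outside PAT rule no longer swallows
! VPN-bound traffic. no-proxy-arp and route-lookup avoid the ASA answering
! ARP for the pool on the inside segment and force a real routing decision.
nat (inside,outside) source static OG_INSIDE_VLANS OG_INSIDE_VLANS destination static OBJ_VPN_POOL OBJ_VPN_POOL no-proxy-arp route-lookup

! 172.16.104.0/24 is not directly connected to the ASA; it is reached via the
! core switch. Replace the placeholder with the core SVI address on VLAN 100.
route inside 172.16.104.0 255.255.255.0 <CORE-SVI-IP-ON-VLAN100>

! Verification: walk a client packet from the pool to the VLAN 104 gateway and
! confirm it hits the exemption rule (phase NAT) and is allowed (result ALLOW).
! packet-tracer input outside icmp 172.16.114.10 8 0 172.16.104.1
! show nat detail
! show route 172.16.104.1

! Caveat: with the default "sysopt connection permit-vpn", decrypted AnyConnect
! traffic bypasses the outside interface ACL. If the VPN pool must not reach
! every VLAN it now has a path to, restrict it with a vpn-filter in the
! group-policy rather than relying on the interface ACL.
access-list VPN_FILTER extended permit ip 172.16.114.0 255.255.255.0 172.16.100.0 255.255.255.0
access-list VPN_FILTER extended permit ip 172.16.114.0 255.255.255.0 172.16.104.0 255.255.255.0
group-policy ANYCONNECT_GP attributes
 vpn-filter value VPN_FILTER
```

The core switch also needs a return route for 172.16.114.0/24 pointing at the ASA inside address, otherwise replies from VLAN 104 never reach the tunnel even with the exemption in place.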