07-27-2018 11:26 AM - edited 07-27-2018 11:32 AM
Dear Community,
I am struggling to get a connection from the AnyConnect clients to the internal as well as the Site to Site VPN.
Anyconnect Network 10.10.200.0 --> ASA with internal network 10.10.100.0 connected --> remote l2l site 192.168.1.1
If I try to ping from the anyconnect client I can see on the asa debug that the ping reaches the asa. If I simulate the ping via packet tracer I get the following output for pings to Internal and Remote Site but only if anyconnect clients are connected and the 10.10.200.0 network is recognized as directly connected. If no anyconnect client is connected the packet tracer succeeds in establishing the connection:
Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:
I tried with permit any any ACLs, but that doesn't change a thing.
Thanks for your input
on 12-19-2018 05:37 PM
The access lists on local and remote vpn devices must be mirror images of each other. The acl you removed was part of your site to site cryptomap. You must have had an extra acl that the remote end did not have, thus VPN would not have worked.
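Added example, not part of the original thread: a small check of the mirror-image rule described in the answer above, which parses the crypto ACL from each peer and lists entries that have no swapped counterpart on the other side. The configs are constructed; the /24 masks, the 192.168.1.0/24 remote network and the ACL name `L2L_CRYPTO` are assumptions, as is the remote peer using ASA-style syntax.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread). Assumed: /24 masks,
# remote LAN 192.168.1.0/24, crypto ACL named L2L_CRYPTO on both peers.
LOCAL = """
access-list L2L_CRYPTO extended permit ip 10.10.100.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.10.200.0 255.255.255.0 192.168.1.0 255.255.255.0
"""
REMOTE = """
access-list L2L_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 10.10.100.0 255.255.255.0
"""

# Matches "access-list NAME extended permit ip SRC DST", where SRC and DST
# are each either "network mask" or "host address".
_ENTRY = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(host\s+\S+|\S+\s+\S+)\s+(host\s+\S+|\S+\s+\S+)\s*$"
)

def _net(token):
    first, second = token.split()
    if first == "host":
        return ipaddress.ip_network(second + "/32")
    return ipaddress.ip_network(f"{first}/{second}")  # raises if host bits are set

def parse_crypto_acl(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = _ENTRY.match(line.strip())
        if m and m.group(1) == name:
            pairs.add((_net(m.group(2)), _net(m.group(3))))
    return pairs

def mirror_mismatches(local, remote):
    """Entries on each side whose swapped (dst, src) form is missing on the peer."""
    local_only = sorted(p for p in local if (p[1], p[0]) not in remote)
    remote_only = sorted(p for p in remote if (p[1], p[0]) not in local)
    return local_only, remote_only

if __name__ == "__main__":
    lo, ro = mirror_mismatches(parse_crypto_acl(LOCAL, "L2L_CRYPTO"),
                               parse_crypto_acl(REMOTE, "L2L_CRYPTO"))
    for src, dst in lo:
        print(f"local only:  {src} -> {dst} (peer lacks {dst} -> {src})")
    for src, dst in ro:
        print(f"remote only: {src} -> {dst} (local lacks {dst} -> {src})")
```
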