Hi,
I am running a test deployment of AnyConnect with 100 users. The target is to develop the solution to be 'always on' and to easily transition between trusted and non-trusted networks using NAM and VPN modules with certificate based authentication.
I have the following network groups configured:
TRUSTED-WIRED
UNTRUSTED-WIRED
TRUSTED-WIFI
UNTRUSTED-WIFI
The untrusted groups allowed users to add local networks. The trusted groups are centrally controlled and secured.
I had all this working well, but since I upgraded my ASA HA pair I have issues connecting to the internal trusted network. The VPN and certificate based user authentication is working fine. When I try and use the client on the trusted internal network with basic ICMP tests I get the following error message:
------------------------------------------------------------------------------------------------------------
C:\>arp -a
Internet Address Physical Address Type
10.192.196.1 00-24-97-48-dd-00 dynamic
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
C:\>ping 10.192.196.1
Pinging 10.192.196.1 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
Ping statistics for 10.192.196.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
-----------------------------------------------------------------------------------------------------------------
I am actively researching this problem now. I'm not sure if it is directly related to the upgrade or something I have inadvertently configured/selected during the upgrade. It's a test lab/PoC environment but will be going live early in 2013, so I would obviously like to get passed this little issue.
Any other ideas/thoughts would be most welcome in my hour of need!!
Cheers
Dave
