Anyconnect unable to reach internal networks

P12Technologies
Level 1

Hi,

I have an ASA 5510 and configured client VPN or AnyConnect VPN. When I connect to the ASA remotely using AnyConnect, I am able to get an IP address as configured. From the internal network I can ping and RDP to that AnyConnect VPN desktop, but the problem is that from the remote AnyConnect VPN client I am unable to access the internal network. When I use the ASA packet tracer and check traffic from internal to the AnyConnect pool of addresses, it gives the result OK, but when I use packet tracer to check traffic on the outside interface from the AnyConnect address pool to the internal subnet, it always reports that the packet is dropped at WebVPN - SVC, and I can find any where related configuration for that.

If anyone can help with this, it would be appreciated.

Thanks

5 Replies

Hi,

Do you have a NAT exempt rule for this traffic?

Thanks in advance.

Portu.

I have the NAT exempt rule; that is why internal to AnyConnect client works fine. Should there be any other NAT exempt?

Oh, so it works one way; sorry, I did not catch that.

Any logs during the connection attempt?

Thanks.

Are there any particular logs I should look for? I did not check any. Or is there any debug command I should enable on the ASA side?

Hi,

Please do the following:

1- logging buffered debugging

2- capture capin interface inside match ip anyconnect_pool netmask local_network netmask

Then have the clients access the network.

1- show log | inc anyconnect_assigned_ip

2- show cap capin

Let me know.

Thanks.

Portu.