
AnyConnect Users unable to access remote subnet

joseph.davolos
Level 1

I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over L2L to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.

My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped ICMP packets and then the issue is resolved for about 8 hours or so. Is there anything on this that is a known issue? We are running dry on obvious answers.

1 Reply

ankshar2
Level 1

Hi Joseph,

Can you attach the configs of both end ASA devices between which the tunnel is built? Also, once you are connected with the AnyConnect client to the HQ ASA, please get the following outputs:

--show vpn-sessiondb detail anyconnect filter name (for post-8.3 code running on the ASA)

or --show vpn-sessiondb detail svc filter name (for pre-8.3 code running on the ASA)

Basically we need to verify the config first. In the LAN-to-LAN tunnel config, the pool IP address which the client gets should be configured. With proper NAT statements in place, U-turning the traffic to remote sites should work fine.

Thanks,

Ankit Sharma
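
One way to run the check the reply describes over a saved ASA configuration, as an added example that is not part of the thread and not Cisco tooling: it verifies that hairpinning is enabled and that the ACL bound to the crypto map covers the AnyConnect pool towards the remote subnet. The /24 mask on the 172.16.254.x pool, the remote subnet 10.20.0.0/24, and the ACL and crypto map names are assumptions, and NAT exemption is not checked because its syntax differs before and after 8.3.

```python
import ipaddress
import re

# Constructed sample config (not from the thread). The pool 172.16.254.0/24 is
# assumed from the poster's 172.16.254.x; remote subnet and names are assumed.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list L2L_REMOTE extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.255.0
access-list L2L_REMOTE extended permit ip 172.16.254.0 255.255.255.0 10.20.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE
"""

ACL_RE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)\s*$", re.M)
MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)\s*$", re.M)
HAIRPIN_RE = re.compile(r"^same-security-traffic permit intra-interface\s*$", re.M)


def _net(addr, mask):
    # ASA ACLs use dotted netmasks; ipaddress accepts "addr/netmask".
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_uturn(config, src, dst, hairpin=True):
    """Return a list of findings; an empty list means the checks passed.

    src/dst are CIDR strings as seen from this ASA: on the HQ side src is the
    AnyConnect pool, on the remote peer (hairpin=False) the roles are mirrored.
    """
    src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    findings = []
    # U-turn traffic enters and leaves on the same interface of the HQ ASA.
    if hairpin and not HAIRPIN_RE.search(config):
        findings.append("same-security-traffic permit intra-interface is missing")
    crypto_acls = set(MATCH_RE.findall(config))  # ACLs actually bound to a tunnel
    covered = False
    for name, s_ip, s_mask, d_ip, d_mask in ACL_RE.findall(config):
        if name not in crypto_acls:
            continue
        try:
            ace_src, ace_dst = _net(s_ip, s_mask), _net(d_ip, d_mask)
        except ValueError:
            continue  # host/any/object-group entries are outside this sketch
        if src_net.subnet_of(ace_src) and dst_net.subnet_of(ace_dst):
            covered = True
    if not covered:
        findings.append(f"no crypto ACL entry covers {src} -> {dst}")
    return findings
```

On the remote peer's configuration, call it with the two subnets swapped and `hairpin=False`, since the mirrored crypto ACL there has the remote subnet as source and the pool as destination.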