09-17-2019 06:31 AM - edited 02-21-2020 09:44 PM
Hi Team,
I am running into an issue, wherein once I connect to Anyconnect VPN, I am unable to access one website below.
Checked for type of tunnel: Full tunnel
Checked for NAT: no NAT is used as its completely used for VPN.
Did a packet tracer, found it be allowed.
able to ping and trace the destination from ASA.
Please help me what things I need to check to solve this issue. Thanks in advance.
Regards
Samarth
09-17-2019 06:34 AM
Is the internal site accessible from:
a. internal addresses
b. other VPN clients?
If not, does its routing to your VPN pool subnet get it to the ASA?
09-17-2019 06:42 AM
Hi Marvin,
Please see below
Is the internal site accessible from:
a. internal addresses--> Yes
b. other VPN clients? --> NO, no VPN users are groups can access this site.
Below is the route from ASA:
10.13.137.252 is the IP once connected to VPN.
show route from ASA:
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.13.132.1 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 10.13.132.1, UNTRUST
S 10.0.0.0 255.0.0.0 [1/0] via 10.13.132.129, TRUST
C 10.13.132.0 255.255.255.128 is directly connected, UNTRUST
L 10.13.132.2 255.255.255.255 is directly connected, UNTRUST
C 10.13.132.128 255.255.255.128 is directly connected, TRUST
L 10.13.132.130 255.255.255.255 is directly connected, TRUST
V 10.13.137.224 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.137.252 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.137.253 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.4 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.6 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.7 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.8 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.12 255.255.255.255 connected by VPN (advertised), UNTRUST
V 10.13.138.16 255.255.255.255 connected by VPN (advertised), UNTRUST
PLease let me know for any other details.
Regards
Samarth
09-17-2019 08:10 AM
Hi Experts,
Please share your thoughts on this issue.
regards
samarth
09-17-2019 10:05 PM
Hi experts,
please suggest what things i must check for this issue or am I missing something?
Regards
samarth
09-18-2019 07:46 AM
I had asked "does its routing to your VPN pool subnet get it to the ASA".
I'm talking about the server's routing. Does it's gateway lead to the ASA?
If it does, can you confirm that the server is receiving the VPN client software in the first place (Wireshark on the server is a good tool in this case).
09-18-2019 08:24 AM
Hi Marvin,
Thanks for your reply.
Let me check and get back to you.
Regards
Samarth
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide