04-24-2015 03:40 AM - edited 02-21-2020 08:11 PM
Hello,
I'm having some issues with my AnyConnect hairpinning. For some reason it will not let me access my sites on the WAN. I only have 3 IP addresses I need to access on the WAN, so I made a split-tunnel list for these 3 IP addresses. When I do a packet tracer everything looks correct, but when I try to ping or access the IP addresses it doesn't work.
Thanks in advance.
Here is the relevant config.
ASA Version 8.2(5)
!
name 1.1.1.1 Mycompany.com
name 1.1.1.2 admin.Mycompany.com
name 1.1.1.3 globalMycompany.com
name 100.64.0.0 DialinPool
same-security-traffic permit intra-interface
object-group network Mycompany_NAT_VPNaccess
network-object host admin.Mycompany.com
network-object host globalMycompany.com
network-object host admin.Mycompany.com
object-group network DM_INLINE_NETWORK_1
network-object host admin.Mycompany.com
network-object host globalMycompany.com
network-object host Mycompany.com
access-list Mycompany_common_splittunnel_netacl standard permit host admin.Mycompany.com
access-list Mycompany_common_splittunnel_netacl standard permit host Mycompany.com
access-list Mycompany_common_splittunnel_netacl standard permit host globalMycompany.com
access-list Mycompany_common_netacl extended permit ip DialinPool 255.255.255.0 any
ip local pool Mycompany_common_pool 100.64.0.10-100.64.0.100 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 DialinPool 255.255.255.0
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record Mycompany_common_dap
network-acl Mycompany_common_netacl
webvpn
svc ask none default svc
webvpn
enable outside
svc image disk0:/anyconnect-macosx-i386-3.1.06073-k9.pkg 1
svc image disk0:/anyconnect-win-3.1.06073-k9.pkg 2
svc profiles Mycompany_common_anyconnect_profile disk0:/Mycompany_common_anyconnect_profile.xml
svc enable
group-policy Mycompany_common_policy internal
group-policy Mycompany_common_policy attributes
wins-server none
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Mycompany_common_splittunnel_netacl
webvpn
svc profiles value Mycompany_common_anyconnect_profile
tunnel-group Mycompany_common_tunnelgroup type remote-access
tunnel-group Mycompany_common_tunnelgroup general-attributes
address-pool Mycompany_common_pool
authentication-server-group Digipass
default-group-policy Mycompany_common_policy
tunnel-group Mycompany_common_tunnelgroup webvpn-attributes
group-url https://myvpn.Mycompany.com enable
!
!
04-24-2015 04:48 AM
Found the solution myself. The problem was this bug: https://tools.cisco.com/bugsearch/bug/CSCtn56501
After deleting crypto_archive/crypto_eng0_arch_1.bin and crypto_archive/crypto_eng0_arch_2.bin it started working.
04-24-2015 06:06 AM
Congratulations on solving your own problem. Thank you for posting back to the forum to tell us that you solved it and what the problem was.
HTH
Rick