ASA - No Access to Hosts in DMZ using SSL Anyconnect VPN Client

ITAdmin777
Beginner

Hi Community,

I have an issue whereby we are unable to access any hosts in the DMZ (192.168.22.0/24) when using the SSL Anyconnect VPN client. I suspect an ACL issue somewhere?

On the ASA I found this setting:

Configuration
    --->Remote Access VPN
        --->Network Client Access
            --->Group Policies
                For each Group we have---> Manage IPV4 filter
                    
This is where I see Std ACL with some entries

    Split_Tunnel

        192.168.0.0/16
        
    VPN_Routes
        192.20.3.0/24


Can anyone advise whether I should just add the DMZ (192.168.22.0/24) subnet to the Split_Tunnel Std ACL?

Thank you.

2 Replies

Richard Burts
Hall of Fame

There is not much point in adding 192.168.22.0/24 to the split tunnel ACL because it is already included in 192.168.0.0/16. It might be helpful to add 192.168.22.0 to the VPN_Routes ACL. Can you tell us what is 192.20.3.0/24 that is currently specified in that ACL?

 

Can you verify that devices in the DMZ have a route to the address pool for VPN?

 

HTH

 

Rick
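
The point in the reply above, that 192.168.22.0/24 already falls inside the 192.168.0.0/16 split-tunnel entry, can be checked mechanically. This is an added example, not part of the original thread: it assumes the two ACLs are written in ASA CLI form (the `access-list ... standard` lines are constructed from the entries listed in the question) and evaluates a subnet against them with first-match semantics. It checks ACL coverage only, not the DMZ return route or NAT exemption raised in the replies.

```python
import ipaddress

# Constructed sample (assumption): the thread's two standard ACLs in CLI form.
SAMPLE_CONFIG = """\
access-list Split_Tunnel standard permit 192.168.0.0 255.255.0.0
access-list VPN_Routes standard permit 192.20.3.0 255.255.255.0
"""

def parse_standard_acls(config):
    """Return {acl_name: [(action, IPv4Network), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "standard":
            continue
        name, action, addr = tok[1], tok[3], tok[4:]
        if addr[0] in ("any", "any4"):
            net = "0.0.0.0/0"
        elif len(addr) < 2:
            continue  # malformed entry, skip it
        elif addr[0] == "host":
            net = addr[1] + "/32"
        else:  # "<network> <dotted mask>"
            net = f"{addr[0]}/{addr[1]}"
        acls.setdefault(name, []).append((action, ipaddress.ip_network(net)))
    return acls

def verdict(entries, target):
    """First-match result for a whole subnet: 'permit', 'deny' or 'partial'."""
    target = ipaddress.ip_network(str(target))
    for i, (action, net) in enumerate(entries):
        if target.subnet_of(net):
            return action  # every address in target hits this entry first
        if net.subnet_of(target):
            # Entry matches only part of target; the remainder falls through
            # to the later entries, so evaluate each leftover block separately.
            results = {verdict(entries[i + 1:], t) for t in target.address_exclude(net)}
            results.add(action)
            return results.pop() if len(results) == 1 else "partial"
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for name, entries in parse_standard_acls(SAMPLE_CONFIG).items():
        print(name, "->", verdict(entries, "192.168.22.0/24"))
```
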

Make sure your VPN traffic is NAT exempted.