OK, I have an interesting situation going on here. We have multiple profiles established on our ASA for remote user VPN connectivity. Let's focus on 2 of them now. We have one (conveniently called anyconnect) that is for the general population of our users to use. This serves as normal, everyday, day-to-day connectivity for the users. We have another profile, Eng-VPN, that is for only select users, as it has access to business-critical applications only, and blocks access to other "normal" connections. The anyconnect profile does not have access to the business-critical application.
So here are the specifics: When I connect to the Eng-VPN and run pings to the business-critical applications (10.55.40.10, 10.55.40.11 and 10.55.40.100 in this case), they all ping/respond in the same pattern at the same time. They will generally (again, all 3 at the same time) ping for 6 consecutive pings, then drop for 4-5 pings. All 3 at the exact same time. This pattern is pretty consistent, but in the course of my testing/research sometimes it does ping for 30+ min consecutively. One thing to note is that 10.55.40.10 and 10.55.40.11 are connected via VMs to our core switch (next hop off of the ASA) and the 10.55.40.100 is a physical on a different switch (one further step from the core switch).
If I modify the rules for the Anyconnect profile to allow this connectivity, it doesn't drop a ping at all; all pings are good and in working order.
Has anyone ever experienced this or something like this before?
group-policy companyvpn internal
group-policy companyvpn attributes
 wins-server none
 dns-server value 10.55.35.66 10.55.35.62
 vpn-idle-timeout none
 vpn-session-timeout 1440
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value company.com
 split-dns value company.com
 msie-proxy method no-modify
 address-pools value vpnpool
 webvpn
  anyconnect ssl keepalive 30

group-policy APPLICATION-VPN-GP attributes
 wins-server none
 dns-server value 10.55.35.66 10.55.35.62
 vpn-idle-timeout none
 vpn-session-timeout 1440
 vpn-filter value APPLICATION-Loaction-VPN-Filter
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 default-domain value company.com
 split-tunnel-all-dns enable
 address-pools value application-vpn-pool
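
An added example, not part of the original post: a short Python script that parses the two group-policies posted above and lists every attribute that differs between them, as a starting point for comparing a profile that drops pings against one that does not. The function names are hypothetical, and the config is the post's own text re-typed one command per line.

```python
CONFIG = """\
group-policy companyvpn internal
group-policy companyvpn attributes
 wins-server none
 dns-server value 10.55.35.66 10.55.35.62
 vpn-idle-timeout none
 vpn-session-timeout 1440
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
 default-domain value company.com
 split-dns value company.com
 msie-proxy method no-modify
 address-pools value vpnpool
 webvpn
  anyconnect ssl keepalive 30
group-policy APPLICATION-VPN-GP attributes
 wins-server none
 dns-server value 10.55.35.66 10.55.35.62
 vpn-idle-timeout none
 vpn-session-timeout 1440
 vpn-filter value APPLICATION-Loaction-VPN-Filter
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 default-domain value company.com
 split-tunnel-all-dns enable
 address-pools value application-vpn-pool
"""  # constructed input: the post's two group-policies, one command per line

def parse_group_policies(text):
    """Map policy name -> {keyword: arguments} for each 'attributes' block."""
    policies, current, sub = {}, None, ""
    for line in filter(str.strip, text.splitlines()):
        words, indent = line.split(), len(line) - len(line.lstrip())
        if indent == 0:  # top-level command: opens an attributes block or closes the last one
            opens = words[0] == "group-policy" and words[-1] == "attributes"
            current, sub = (policies.setdefault(words[1], {}) if opens else None), ""
        elif current is not None:
            sub = sub if indent > 1 else ""      # back at attribute level
            current[sub + words[0]] = " ".join(words[1:])
            if len(words) == 1:                  # bare keyword (webvpn) opens a sub-mode
                sub = words[0] + " "
    return policies

def diff_policies(policies, a, b):
    """Keywords whose arguments differ; None means the keyword is not set."""
    pa, pb = policies[a], policies[b]
    return {k: (pa.get(k), pb.get(k)) for k in sorted(pa.keys() | pb.keys()) if pa.get(k) != pb.get(k)}

print(diff_policies(parse_group_policies(CONFIG), "companyvpn", "APPLICATION-VPN-GP"))
```

The output lists the differing keywords only (for example `vpn-filter`, `split-tunnel-policy` and the `webvpn` keepalive); attributes set identically in both policies are omitted.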