Hello - I hope someone can help.
I have a scenario where there is an ASA5510 configured as follows:
Interface0 = Outside
Interface1 = LAN
Interface2 = DMZ
Interface3 = unused
Running ASA version 8.2[1]
All network operations are fine, as are the IPsec tunnels to other branch offices and the incoming SSL VPN accessed via the IP address assigned to the external adapter.
My problem is that I have a device on the DMZ that needs to access the AnyConnect service hosted on the external adapter so that it can access LAN resources. When I try accessing it, I see the following errors appearing in the debug log:
3 | Dec 03 2012 | 12:10:50 | 710003 | [DMZ client address] | 51031 | [AnyConnect ExternalAddress] | 443 | TCP access denied by ACL from [DMZ client address]/51031 to DMZ:[AnyConnect ExternalAddress]/443 |
If you look closely, it suggests an ACL issue from the DMZ client to the external AnyConnect IP address, BUT it suggests the AnyConnect IP address is on the DMZ interface.
Has anyone seen this before?
Thanks in advance for any help.