10-04-2023 12:15 PM
I set up Cisco AnyConnect for a client and it is using split-tunneling to forward regular internet traffic using the home user's ISP and traffic that is destined for our network to come across the tunnel. Recently I was asked to add a URL to come through the AnyConnect VPN and out to the internet from our ISP so that way the destination web server would see our outside interface IP as the source. I added it to the split-tunnel ACLs and when I do a route print on my Windows machine it shows the next hop for the web server being the ASA. However, I am not able to see any traffic from VPN clients destined to this web server on the ASA. From a Windows machine connected to the local on-prem LAN for our network, it can reach the web server just fine; it seems to just be AnyConnect users that cannot reach it. I can provide configs and diagrams if needed and can troubleshoot whenever. Any help is greatly appreciated!
10-09-2023 08:25 AM
The issue was with the NAT statement. I did some wonky NAT prior to this to get other services working and ended up having conflicting NAT statements on the ASA. This was the fix for the NAT statement:
object network any_any
 nat (inside,outside) dynamic interface
object network anyconnect_subnet
 nat (outside,outside) dynamic interface
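For reference, a fuller hairpin (U-turn) setup around the NAT rule in the accepted answer, as an added example that is not the original poster's configuration. The addresses, the ACL name and the group-policy name are constructed placeholders, and the `same-security-traffic` line is an assumption about what such a setup also needs; the thread does not show whether it was already configured.

```cisco
! Constructed values (not from the thread):
!   203.0.113.10      the external web server
!   10.10.50.0/24     the AnyConnect address pool
!   SPLIT_TUNNEL_ACL  placeholder split-tunnel list name
!   GP_ANYCONNECT     placeholder group-policy name

! 1. Route the web server through the tunnel via the split-tunnel list.
access-list SPLIT_TUNNEL_ACL standard permit host 203.0.113.10
group-policy GP_ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

! 2. Assumption: allow traffic to enter and leave the same interface,
!    since VPN client traffic arrives on outside and exits on outside.
same-security-traffic permit intra-interface

! 3. PAT the VPN pool to the outside interface address on the way out,
!    so the web server sees the ASA's outside IP as the source.
object network anyconnect_subnet
 subnet 10.10.50.0 255.255.255.0
 nat (outside,outside) dynamic interface

! 4. Checks while a VPN client browses to the server.
!    "show nat detail" lists rules in evaluation order with hit counts;
!    manual NAT (section 1) is matched before object NAT (section 2),
!    so an earlier rule that also matches the pool wins over the rule above.
show nat detail
show xlate | include 10.10.50
show conn address 203.0.113.10
```

If the hit counters on the `(outside,outside)` rule stay at zero while another rule's counters climb, that other rule is the conflicting statement to review.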