Certain LAN IP addresses inaccessible over AnyConnect VPN

sstaylor1

On our network, there are certain IP addresses that, while accessible by users locally, are not accessible to users when they are connected via VPN.  These IP addresses are part of the same sub-net, 192.168.0.x/24, which is included in the split-tunnel ACL.  We recently replaced Domain Controllers, including the DNS service, but DNS resolution is not an issue for these IPs internally.  ASA and VPN DNS settings were updated with the new DNS IP addresses.

 

Is it possible that these IPs are being excluded by a WAN-specific AC, which does not affect the LAN side of the network?

 

Our configuration is an ASA 5512-X, Software Version 9.2(2)4, Device Manager Version 7.3(1)101, AnyConnect 4.6.03049.

2 Replies

Hi,
Do you have a VPN Filter configured on the ASA that could be restricting access to certain IP addresses or ports?
Do the devices you cannot access have a local firewall enabled that could be restricting access from the Remote Access VPN subnet?

RJI,

Thanks for your reply.  You got me thinking, so I checked the NIC configuration on one of the servers that is hosting some of the IPs.  It turns out that, on one of the NICs, the Default Gateway had not been set.  Once I made that change for the NIC, things started working as desired.  Lesson learned.
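
A small model of why a NIC without a default gateway stays reachable from the LAN but not from VPN clients, as an added example that is not part of the original thread. The VPN pool address, the gateway 192.168.0.1 and the host addresses are constructed values, and replies are assumed to leave via the NIC that received the request.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Nic:
    address: str                   # interface address with prefix, e.g. "192.168.0.21/24"
    gateway: Optional[str] = None  # None models a NIC with no default gateway set

    def next_hop(self, dst: str) -> Optional[str]:
        """Return 'on-link', the gateway IP, or None when no route exists."""
        network = ipaddress.ip_interface(self.address).network
        if ipaddress.ip_address(dst) in network:
            return "on-link"       # same subnet: delivered directly, no gateway needed
        return self.gateway        # off-subnet traffic depends entirely on the gateway


def can_reply(nic: Nic, client_ip: str) -> bool:
    """A session only works if the server can route its reply back to the client."""
    return nic.next_hop(client_ip) is not None


def audit(nics, clients):
    """Map (NIC address, client IP) -> whether the reply path exists."""
    return {(n.address, c): can_reply(n, c) for n in nics for c in clients}


# Constructed sample values (assumptions, not taken from the thread)
LAN_CLIENT = "192.168.0.50"        # local user on 192.168.0.0/24
VPN_CLIENT = "10.10.10.5"          # address from an assumed AnyConnect pool
nics = [
    Nic("192.168.0.20/24", gateway="192.168.0.1"),  # correctly configured NIC
    Nic("192.168.0.21/24"),                         # NIC with no default gateway
]

if __name__ == "__main__":
    for (addr, client), ok in audit(nics, [LAN_CLIENT, VPN_CLIENT]).items():
        print(f"{addr:18} <- {client:13} reply path: {'ok' if ok else 'NO ROUTE'}")
```

Because the request from the VPN client still arrives at the server, the symptom looks like filtering on the ASA even though the drop happens on the reply path.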