
Cisco ASA 5508 VPN problem with anyconnect

asa-nub
Beginner

Hi,
We are currently using a Cisco ASA 5508, and we have a Site to Site VPN connected to one of the VLANs. If colleagues want to log in from home they have to use a Cisco AnyConnect client, but there are only 4 of them at the moment. I tried using a plain built-in Windows client but never managed to get the connection to work properly with the VLANed S2S VPN. This is where I would like your help.
Thanks

7 Replies

marce1000
VIP Mentor

 - I wouldn't go for S2S VPN for individual clients; the purpose of S2S VPN is to connect (company) hubs. Note that you can download AnyConnect for free. An example setup tutorial on ASA is: https://www.youtube.com/watch?v=XTiUy56aHAo

 M.

Rob Ingram
VIP Expert

@asa-nub You mean you can connect with AnyConnect, but are unable to access resources over the S2S VPN that is terminated on the 5508?

If so, you'd need to configure the ASA to hairpin traffic - same-security-traffic permit intra-interface
You would also need a NAT exemption rule to ensure traffic between the AnyConnect IP pool and the S2S networks is not unintentionally translated.

If you still have a problem provide your configuration and some more clarity on the issue.
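
The two items named in the reply above can be checked against a saved running-config. This is an added example, not part of the reply or of anyone's actual configuration: the sample config, the object names `OBJ-ANYCONNECT-POOL` and `OBJ-S2S-REMOTE`, the subnets and the `audit` helper are all hypothetical.

```python
import re

# Constructed ASA running-config excerpt; object names and subnets are hypothetical.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network OBJ-ANYCONNECT-POOL
 subnet 10.10.50.0 255.255.255.0
object network OBJ-S2S-REMOTE
 subnet 192.168.200.0 255.255.255.0
nat (outside,outside) source static OBJ-ANYCONNECT-POOL OBJ-ANYCONNECT-POOL destination static OBJ-S2S-REMOTE OBJ-S2S-REMOTE no-proxy-arp route-lookup
"""

HAIRPIN = "same-security-traffic permit intra-interface"
NO_HAIRPIN = "missing: " + HAIRPIN
NO_EXEMPT = "missing: active NAT exemption between pool and S2S network"

# Twice NAT: nat (if,if) source static REAL MAPPED destination static REAL MAPPED [options]
NAT_RE = re.compile(
    r"^nat \(\S+?,\S+?\) source static (\S+) (\S+) "
    r"destination static (\S+) (\S+)(?: (.*))?$"
)

def audit(config, pool_obj, remote_obj):
    """Return findings for the two items in the reply; [] means both are present."""
    active = [ln.strip() for ln in config.splitlines()]
    findings = []
    if HAIRPIN not in active:
        findings.append(NO_HAIRPIN)
    exempt = False
    for ln in active:
        m = NAT_RE.match(ln)
        if not m:
            continue
        src, src_mapped, dst, dst_mapped, opts = m.groups()
        if {src, dst} != {pool_obj, remote_obj}:
            continue
        # Exemption = identity NAT: real and mapped objects match on both sides,
        # and the rule is not disabled with the "inactive" keyword.
        identity = src == src_mapped and dst == dst_mapped
        if identity and "inactive" not in (opts or "").split():
            exempt = True
    if not exempt:
        findings.append(NO_EXEMPT)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "OBJ-ANYCONNECT-POOL", "OBJ-S2S-REMOTE") or "both items present")
```

The check only matches twice-NAT rules written with object names, and it does not look at rule order.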

asa-nub
Beginner

Thanks for the replies, I'll clarify a bit:
We have another company connected via S2S VPN so we can work on their systems, but we have people who only work from home, and they need AnyConnect VPN. If AnyConnect VPN is connected then all resources are accessible on the other side, but if we use the built-in Windows client then we have no internet and can't access resources with the same settings as with AnyConnect. Tunnel All Network is configured on the S2S VPN.

 

Interesting issue, did you solve it?

asa-nub
Beginner

Hello, unfortunately we have not yet found a solution, although it is becoming more and more urgent. Maybe I asked the question in the wrong place; it should have been in another topic.

 

> .... although it is becoming more and more urgent

  - For urgent business related issues contact TAC: https://mycase.cloudapps.cisco.com/case

 M.
