
[FTD] Mgmt Tunnel not getting routes or showing IP's in vpn-sessiondb

Monadnock
Level 1

Hi all, 

I staged a management tunnel for AnyConnect on my FTD and I'm able to authenticate to it via machine cert at my Windows login. The issue is that it doesn't seem to have connectivity into my environment. I see that users are getting IPs from the pool in the FMC User Access Dashboard:

Monadnock_0-1708460198554.png

But strangely, I cannot ping any of those IP addresses, and even stranger is that the FTD does not have routes to this pool in its routing table (the .240 addresses are the non-mgmt prod tunnel pool).

Monadnock_2-1708460284440.png

Monadnock_1-1708460260072.png

 

The final weird part is that the show vpn-sessiondb anyconnect shows users in the group policy but no "assigned IP address" section as they do with our prod vpn pool.

 

 

6 Replies

The route with "V" is for AnyConnect users, so the FTD adds the route to the RIB.
For the ping, from which IP do you ping?
MHM

 I know that. My whole point is that V routes aren't showing up for the proper pool. 

MHM

No. The pool is .239 that I am referring to. 

Correct, can you check the gateway IP in the user dashboard? Is the gateway IP for this FTD?

If the FMC manages multiple FTDs, you can see the VPN of another FTD, not this one.

Can you check?

Thanks 

MHM

 Confirmed they are getting the right gateway. Not multi mgmt ftd.