01-11-2012 07:50 AM - edited 02-21-2020 05:48 PM
I can connect a user's iPad just fine using AnyConnect; however, they cannot connect to any resource on the company network.
I found that the user's home network was also using 192.168.1.xxx, the same as my company's network. My firewall is assigning 172.16.16.xxx to VPN clients.
If I change my user's home network to something other than 192.168.1.xxx, e.g. 10.0.0.1, then I can connect to our intranet page at work, we can RDP to workstations, etc.
My only problem with this workaround is: 1. I'm not about to change my company's internal IP scheme just for 1 or 2 users.
2. These users will likely use internet from different locations, and most access points at hotels, conference centers, etc. use 192.168.1.xxx IP schemes.
So is there any way to force the iPad to send all traffic over the VPN tunnel?
Here is some maybe important info:
- not using certificates (no connect on demand)
- not split tunneling, so web browsing on home internet not allowed while connected to VPN
- using RSA tokens
- ASA 5500 firewall
- my SSL certificate is self-signed, not a store-bought one from Verisign or something like that.
Thanks in advance for any info.
01-11-2012 11:10 AM
NAT your internal network over the AnyConnect VPN; use something like 10.255.255.0/24
Sent from Cisco Technical Support iPad App
01-12-2012 06:46 AM
Well, but what about this: "The AnyConnect Software should use a pool IP from the firewall, so the local network should not matter." The firewall assigns everyone 172.16.16.XXX; wouldn't that take care of not having to NAT the internal network?
I'm asking, not arguing, and appreciate all help.
Thanks
01-12-2012 06:57 AM
Hi Brian,
I thought your problem is that your internal LAN IP subnet clashes with users' home LANs? Even if you give them an IP address of 1.1.1.0/24, when they want to access something over the VPN on your internal LAN, and that IP address happens to be the same as their home network - it will fail!
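An added example, not part of any post in this thread: a small route-selection model of the subnet clash described above and of the NAT suggestion. It assumes the client keeps a connected route for its home LAN and picks routes by longest-prefix match; the interface names, the server address 192.168.1.50 and the function names are constructed for illustration.

```python
import ipaddress

# Networks taken from the thread; everything else here is constructed.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")     # user's home Wi-Fi
CORP_LAN = ipaddress.ip_network("192.168.1.0/24")     # company internal LAN
NAT_ALIAS = ipaddress.ip_network("10.255.255.0/24")   # range suggested for NAT

# Assumed client routing table while the full tunnel is up.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "vpn-tunnel"),  # default via the VPN
    (HOME_LAN, "home-wifi"),                            # connected home subnet
]

def egress_interface(dst, routes=ROUTES):
    """Return the interface chosen by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def to_alias(real, real_net=CORP_LAN, alias_net=NAT_ALIAS):
    """1:1 static NAT: keep the host bits, swap the network bits."""
    if real_net.prefixlen != alias_net.prefixlen:
        raise ValueError("real and alias networks must be the same size")
    addr = ipaddress.ip_address(real)
    if addr not in real_net:
        raise ValueError(f"{real} is not inside {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return str(alias_net.network_address + offset)

def report(server):
    """Compare where traffic to the real and the aliased address leaves."""
    alias = to_alias(server)
    return {
        "lan_overlap": HOME_LAN.overlaps(CORP_LAN),
        "real_via": egress_interface(server),    # stays on the home LAN
        "alias": alias,
        "alias_via": egress_interface(alias),    # goes into the tunnel
        "alias_overlaps_home": NAT_ALIAS.overlaps(HOME_LAN),
    }

if __name__ == "__main__":
    print(report("192.168.1.50"))
```

The 172.16.16.xxx pool address only sets the client's source address inside the tunnel; in this model the destination lookup is what keeps 192.168.1.50 on the home LAN.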
01-12-2012 07:02 AM
Ah, OK, I guess why I am questioning it so much is that a Windows PC on the same home network using AnyConnect VPN works fine; just the iPad doesn't like it. So I was hoping it was just an AnyConnect setting on the iPad that needed to be changed.
Maybe it's just the way Apple handles networking and VPN differently from a Windows computer. I'll give the NAT a shot. It just takes an act of Congress to make a firewall change here at work since we farmed control of it out to a security company.
01-12-2012 08:43 AM
You know what - if it's not a must-have, then don't spend too much time on it!
01-12-2012 08:56 AM
I never said it wasn't a must-have! Just said it would take a while to get the changes made and thus to post back results.
Anyone else out there have an answer as to why a Windows PC works fine when using the same IP scheme at home and at work without NATting the traffic?
01-12-2012 10:11 AM
OK, fair enough - have you enabled logging on the AnyConnect client?
Sent from Cisco Technical Support iPad App