12-01-2020 05:44 AM
Hey all,
Current issue:
Internal LAN clients cannot reach the AnyConnect client. Ping, RDP and the SCCM remote tool (tcp/2701) do not connect to the remote AnyConnect client when initiated from the internal LAN.
Troubleshooting:
PCAP on the Firepower FTD: we can see ICMP requests and SYN packets going to the AnyConnect client, but no return traffic/reply packets in the pcap.
If we reverse this, i.e. from the AnyConnect client to the internal LAN, we can RDP, ping and use the SCCM remote tool.
I have checked the FW rules and routing; all looks fine to me. IDS and file policy are turned off on the FW rules, and there is no pre-filter.
Any suggestions why the return traffic is not working? Is there a setting I've accidentally enabled?
Solved!
12-01-2020 05:47 AM
We need to see the configuration. Personally, for now, you need to exempt the VPN pool IP from NAT exemption.
12-02-2020 01:45 AM
Thanks Balaji, I missed a NAT rule that covered the NAT exemption, which was sitting near the bottom.
All working now, cheers!
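As an added illustration of the fix described in the accepted answer (this is not configuration from the original thread; the interface names, object names and address ranges are assumed), the following ASA/FTD-style NAT configuration shows the exemption (identity NAT) rule placed below a broader manual NAT rule that also matches LAN-to-VPN-pool traffic, then the ordering that makes the exemption take effect, and a packet-tracer check. On FTD the same reordering is done by moving the rule up in the FMC NAT policy; `show nat` on the FTD CLI shows the resulting order.

```cisco
! Assumed objects: names and address ranges are illustrative, not from the thread.
object network INSIDE_NET
 subnet 10.10.0.0 255.255.0.0
object network VPN_POOL
 subnet 192.168.50.0 255.255.255.0

! Broken ordering: a broad manual (Section 1) NAT rule sits above the
! identity rule, so LAN -> VPN-pool traffic is translated before the
! exemption is ever consulted.
nat (inside,outside) source dynamic INSIDE_NET interface
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! Corrected ordering: Section 1 rules are matched top-down, so the
! identity (NAT exemption) rule must precede any rule that could also
! match traffic to the VPN pool. The "1" inserts it at the top of Section 1.
no nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
nat (inside,outside) 1 source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! Check: simulate a LAN host (assumed 10.10.1.50) opening RDP to an
! AnyConnect client (assumed 192.168.50.10). The NAT phase of the output
! should cite the identity rule rather than the dynamic rule, and the
! final result should be ALLOW. Then confirm the rule order.
packet-tracer input inside tcp 10.10.1.50 12345 192.168.50.10 3389
show nat
```

When reading the `show nat` output, look for the `translate_hits` and `untranslate_hits` counters: if the dynamic rule keeps incrementing for traffic destined to the VPN pool while the identity rule stays at zero, the exemption is still being shadowed.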
12-01-2020 06:38 AM
We need to see the config.
Also check the firewall of the AnyConnect PC; it may be dropping the ping packets.