Internal LAN cannot reach AnyConnect Clients

JDMJeffy84
Level 1

Hey all,
Current issue:
Internal LAN clients cannot reach the AnyConnect clients. Ping, RDP or the SCCM remote tool (tcp/2701) will not connect to the remote AnyConnect client when the connection is initiated from the internal LAN.

Troubleshooting:
PCAP on the Firepower FTD: we can see the ICMP requests and SYN packets going to the AnyConnect client, but no return traffic/reply packets in the pcap.

If we reverse this, i.e. from the AnyConnect client to the internal LAN, we can RDP, ping and use the SCCM remote tool.

I have checked the FW rules and routing and it all looks fine to me. IDS and file policy are turned off on the FW rules and there is no pre-filter.

Any suggestions why the return traffic is not working? Is there a setting I've accidentally enabled?

1 Accepted Solution

balaji.bandi
Hall of Fame

We need to see the configuration; personally, for now you need to exempt the VPN pool IP from NAT (NAT exemption).

BB


3 Replies


Thanks Balaji, I missed a NAT rule covering the NAT exemption that was sitting near the bottom.

All working now, cheers!
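The accepted answer points at NAT exemption for the VPN pool, and the follow-up confirms the culprit was a NAT rule near the bottom of the rule set. Manual (twice) NAT on ASA/FTD is evaluated top-down and the first matching rule wins, so an identity rule that exempts LAN-to-pool traffic does nothing if a broader dynamic PAT rule for the same inside network sits above it: the flow is translated instead of exempted. The evaluator below is an added example, not Cisco code and not anything posted in this thread. It parses two simplified ASA-style rule forms (a `source dynamic ... interface` PAT rule and a `source static ... destination static ...` identity rule), walks them in order for a given flow, and flags exemptions that are fully shadowed by an earlier translating rule. The object names, prefixes and host addresses are constructed for illustration; the dynamic-rule parser assumes a destination of any, which is a simplification.

```python
"""Toy first-match walk over ASA/FTD-style manual (twice) NAT rules.

Constructed example, not Cisco code: shows why an AnyConnect NAT
exemption placed *below* a dynamic PAT rule never fires for
LAN -> VPN-pool traffic, and flags such shadowed identity rules.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed object table; names and prefixes are assumptions.
OBJECTS = {
    "INSIDE_NET": ipaddress.ip_network("10.10.0.0/16"),
    "VPN_POOL": ipaddress.ip_network("192.168.100.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}


@dataclass
class NatRule:
    text: str
    src: ipaddress.IPv4Network   # real source the rule matches
    dst: ipaddress.IPv4Network   # real destination the rule matches
    identity: bool               # True = source left untranslated (exemption)


# Two simplified rule shapes; real ASA syntax has many more options.
DYNAMIC = re.compile(r"nat \(\S+\) source dynamic (\S+) (\S+)")
STATIC = re.compile(
    r"nat \(\S+\) source static (\S+) (\S+)"
    r"(?: destination static (\S+) (\S+))?")


def parse_rule(line, objects=OBJECTS):
    """Turn one ASA-style manual NAT line into a NatRule."""
    line = line.strip()
    m = DYNAMIC.match(line)
    if m:
        # Simplification: a dynamic rule without a destination clause
        # is treated as "destination any".
        return NatRule(line, objects[m.group(1)], objects["any"], identity=False)
    m = STATIC.match(line)
    if m:
        real_src, mapped_src, real_dst, _mapped_dst = m.groups()
        dst = objects[real_dst] if real_dst else objects["any"]
        # real == mapped means identity NAT, i.e. a NAT exemption.
        return NatRule(line, objects[real_src], dst, identity=(real_src == mapped_src))
    raise ValueError(f"unsupported rule: {line}")


def first_match(rules, src_ip, dst_ip):
    """Section-1 semantics: rules are tried top-down, first match wins."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule
    return None


def source_is_translated(rules, src_ip, dst_ip):
    """True if the flow would leave with a translated source address."""
    rule = first_match(rules, src_ip, dst_ip)
    return rule is not None and not rule.identity


def shadowed_identity_rules(rules):
    """Identity rules whose src/dst are fully covered by an earlier translating rule."""
    shadowed = []
    for i, rule in enumerate(rules):
        if not rule.identity:
            continue
        for earlier in rules[:i]:
            if (not earlier.identity
                    and rule.src.subnet_of(earlier.src)
                    and rule.dst.subnet_of(earlier.dst)):
                shadowed.append(rule.text)
                break
    return shadowed


# Constructed rule set: inside-to-outside PAT plus the VPN-pool exemption.
PAT_RULE = "nat (inside,outside) source dynamic INSIDE_NET interface"
EXEMPT_RULE = ("nat (inside,outside) source static INSIDE_NET INSIDE_NET "
               "destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup")

BROKEN_ORDER = [parse_rule(PAT_RULE), parse_rule(EXEMPT_RULE)]   # exemption last
FIXED_ORDER = [parse_rule(EXEMPT_RULE), parse_rule(PAT_RULE)]    # exemption first

if __name__ == "__main__":
    lan_host, vpn_client = "10.10.5.20", "192.168.100.7"   # constructed addresses
    print("exemption last  -> source translated:",
          source_is_translated(BROKEN_ORDER, lan_host, vpn_client))
    print("exemption first -> source translated:",
          source_is_translated(FIXED_ORDER, lan_host, vpn_client))
    print("shadowed exemptions:", shadowed_identity_rules(BROKEN_ORDER))
```

With the exemption last, a LAN host talking to a pool address hits the PAT rule and `shadowed_identity_rules` reports the exemption; with the exemption first, pool traffic is left untranslated while ordinary internet-bound traffic still matches the PAT rule. On a real FTD the authoritative version of this check is `packet-tracer input inside tcp <lan-host> 1234 <vpn-client> 2701` from the CLI, which prints the NAT rule the flow actually hits; the addresses above are the constructed ones from the example, not the poster's.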

We need to see the config.

Also check the firewall on the AnyConnect PC; maybe it drops the ping packets.