Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
3
Replies

Issue with internet over vpn

Go to solution
ziqex
Level 4
Level 4

‎02-10-2021 05:30 AM

Hello,

I am facing the below issue. All other machines can access internal and external pages without issues. One machine can only access internal pages and services.

While checking vpn session on the asav I can see the following for non working machine:

Protocol : AnyConnect-Parent SSL-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES128
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1

 

While on working machine the below is present:

 

Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES128 DTLS-Tunnel: (1)AES-GCM-256
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1 DTLS-Tunnel: (1)SHA384

 

The difference for working is presence of DTLS-Tunnel.

I have checked the tunnel group and dtls port is 443.

Is there a way to verify why dtls is not present for the machine?

Thank you.

 

Regards,

Daniel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ziqex
Level 4
Level 4

‎03-01-2021 06:08 AM

To get internet working I had to use alternative proxy settings. Cisco Umbrella was getting blocked by the ISP at Egypt. No issues now, with alternative squid proxy.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎02-10-2021 05:35 AM - edited ‎02-10-2021 05:37 AM

@ziqex 

The ISP the non-working machine is connected to might possibly be blocking UDP/443, which might explain why you have no DTLS tunnel. Regardless even if DTLS is blocked, a TLS tunnel is established so the machine should still be able to access resources.

 

What version of the AnyConnect client is used?

What Operating System?

Does it make a difference if a different user logins to the non-working machine?

Do you use different connection profiles and group-policies with a different IP address pool?

0 Helpful

Go to solution
ziqex
Level 4
Level 4
In response to Rob Ingram

‎02-10-2021 05:49 AM

 

Thank you for your message.

What version of the AnyConnect client is used? All machines have anyconnect version 4.9.01095

What Operating System? Win 10 1809

Do you use different connection profiles and group-policies with a different IP address pool? Single connection profile across all devices.

0 Helpful

Go to solution
ziqex
Level 4
Level 4

‎03-01-2021 06:08 AM

To get internet working I had to use alternative proxy settings. Cisco Umbrella was getting blocked by the ISP at Egypt. No issues now, with alternative squid proxy.

0 Helpful
Customers Also Viewed These Support Documents