
No Internet access sporadically when using remote vpn access to corp network.

Maks78
Level 1

I know the 1st thing you might say is check Split tunnel settings. This issue is so sporadic that I could not relate it to VPN server (#ASA 5520) split tunnel configuration. Also, two different users VPN-ed in from two different ISPs will have 2 different results: one will have local Internet access plus access to the corp network, the other won't have Internet access but has access to the corp network.

I have verified the split tunnel settings as well as the AnyConnect VPN client ver 4.5 (allow local LAN access when using VPN). Listed below for your thoughts...

group-policy AWS-NY-SSL-GP internal
group-policy AWS-NY-SSL-GP attributes
 banner value NONE
 dns-server value 10.220.251 10.221.0.251
 vpn-idle-timeout 480
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
 default-domain value AWS.com
 split-dns value AWS.com AWS.com
 split-tunnel-all-dns disable
 client-bypass-protocol disable
 address-pools value AWS-NY-VPN-Pool
 webvpn
  anyconnect profiles value AWS-SSL-VPN type user
  anyconnect ssl df-bit-ignore enable

access-list SPLIT standard permit 10.0.0.0 255.0.0.0
access-list SPLIT standard permit 172.16.0.0 255.240.0.0
access-list SPLIT standard deny 192.168.0.0 255.255.0.0

1 Reply

This almost sounds like a DNS resolution problem. When the users experience the issue, are they able to ping, for example, 8.8.8.8? Also, are they able to issue nslookup google.com and get a successful resolution? Compare the DNS server of an AnyConnect user that is having the issue with one that is not having the issue.

--
Please remember to select a correct answer and rate helpful posts
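
One way to carry out the DNS server comparison suggested in the reply, as an added example that is not part of the original thread: parse the SPLIT ACL posted in the question and flag any resolver on a user's physical adapter that falls inside the tunneled networks, since a resolver handed out from 10.0.0.0/8 or 172.16.0.0/12 would be routed toward the corporate network rather than reached locally. The client names and resolver addresses are constructed, and letting the first matching ACL entry decide is an assumption of this sketch; only the `network mask` form of standard ACL entries is handled.

```python
import ipaddress

# ACL lines as posted in the thread.
SPLIT_ACL = """\
access-list SPLIT standard permit 10.0.0.0 255.0.0.0
access-list SPLIT standard permit 172.16.0.0 255.240.0.0
access-list SPLIT standard deny 192.168.0.0 255.255.0.0
"""

def parse_standard_acl(text, name):
    """Return [(action, IPv4Network)] for one standard ACL, in config order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        # Expected form: access-list <name> standard <permit|deny> <network> <mask>
        if len(tok) == 6 and tok[:3] == ["access-list", name, "standard"]:
            entries.append((tok[3], ipaddress.ip_network(f"{tok[4]}/{tok[5]}")))
    return entries

def is_tunneled(addr, entries):
    """Assumption: the first matching entry decides; no match means not tunneled."""
    ip = ipaddress.ip_address(addr)
    for action, net in entries:
        if ip in net:
            return action == "permit"
    return False

def check_resolvers(clients, entries):
    """Map each client to the resolvers that would be routed into the tunnel."""
    return {user: [r for r in resolvers if is_tunneled(r, entries)]
            for user, resolvers in clients.items()}

# Constructed sample data: DNS servers seen on each user's physical adapter
# (for example from ipconfig /all), not values from the thread.
CLIENTS = {
    "user-isp-a": ["192.168.1.1", "8.8.8.8"],
    "user-isp-b": ["10.0.0.1"],
}

if __name__ == "__main__":
    acl = parse_standard_acl(SPLIT_ACL, "SPLIT")
    for user, hits in check_resolvers(CLIENTS, acl).items():
        if hits:
            print(f"{user}: resolver inside split-tunnel networks: {', '.join(hits)}")
        else:
            print(f"{user}: resolvers stay outside the tunnel")
```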