
No internet after connecting with anyconnect VPN

Infuscomus
Level 1

I'm trying to rebuild my VPN and I encounter the following problem: after connecting to the target network via AnyConnect VPN, connected computers no longer have access to the internet.

From what I notice, there is no gateway assigned to the tunnel adapter, so that may be the cause.

The internal target network can be accessed correctly.

The split tunnel settings can be seen in the attachment.

Messing around with that caused, at one point, the reverse: computers were accessing the internet but not the internal network.

So, overall, is there something I missed while doing the VPN configuration, or is this more of a Windows 10 problem, since the option to use the default gateway on the remote network no longer exists?

1 Accepted Solution

Hi,
It's probably a NAT issue. Do you have a NAT rule as below, with the source and destination interface as "outside"?

object network RAVPN_USERS
 subnet 10.4.4.0 255.255.255.0
 nat (outside,outside) dynamic interface

You will also need the command "same-security-traffic permit intra-interface" to permit the traffic to hairpin and route back out the same interface it came in on.

Can you provide your configuration and the output of "show nat detail"?
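
A quick way to check a saved running-config for the two items named in the answer above, as an added example that is not part of the original thread. The function names, the sample config and the default interface name "outside" are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (not taken from the thread's device).
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network RAVPN_USERS
 subnet 10.4.4.0 255.255.255.0
 nat (outside,outside) dynamic interface
object network LAN
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
"""

def parse_objects(config):
    """Map object name -> {"subnet": network or None, "nat": [(src_if, dst_if, rule)]}."""
    objects, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            # A running-config may list the same object twice (definition, then its nat).
            current = objects.setdefault(m.group(1), {"subnet": None, "nat": []})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if len(words) == 3 and words[0] == "subnet":
                current["subnet"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            m = re.match(r"\s+nat \((\S+),(\S+)\) (.+)", line)
            if m:
                current["nat"].append((m.group(1), m.group(2), m.group(3).strip()))
        else:
            current = None  # left the object's sub-mode
    return objects

def check_hairpin(config, vpn_pool, outside_if="outside"):
    """List what is missing for VPN clients to hairpin out of the interface they arrived on."""
    pool = ipaddress.ip_network(vpn_pool)
    problems = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        problems.append("missing: same-security-traffic permit intra-interface")
    covered = any(
        obj["subnet"] is not None and pool.subnet_of(obj["subnet"])
        and (outside_if, outside_if, "dynamic interface") in obj["nat"]
        for obj in parse_objects(config).values()
    )
    if not covered:
        problems.append(f"missing: nat ({outside_if},{outside_if}) dynamic interface for {vpn_pool}")
    return problems
```

An empty list from `check_hairpin(config_text, "10.4.4.0/24")` means both prerequisites are present for that pool; it does not evaluate manual (twice) NAT rules or rule ordering, which "show nat detail" on the device would show.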

2 Replies

Hello, the only NATs I have configured and shown in the output are the nat (outside2,inside) which are used for a PBR that makes a specific network segment go through the secondary WAN interface instead of the default primary one.

There is no other NAT configured.

I have tried the rule you specified; apparently everything seems fine. I will do some testing and reply back.