
Not able to ping default gateway after Cisco Client VPN connection on ASA 5505

Mohammad Rahman
Level 1

I have configured Cisco Client VPN on a Cisco ASA 5505 with Split-VPN and everything was working fine without any issue. After that I was trying to configure AnyConnect VPN by creating a self certificate like below.

 

corpasa(config)#crypto key generate rsa label sslvpnkey 
corpasa(config)#crypto ca trustpoint localtrust 
corpasa(config-ca-trustpoint)#enrollment self 
corpasa(config-ca-trustpoint)#fqdn www.xxxx.com 
corpasa(config-ca-trustpoint)#subject-name CN=xxxxxx.com 
corpasa(config-ca-trustpoint)#keypair sslvpnkey 
corpasa(config-ca-trustpoint)#crypto ca enroll localtrust noconfirm 
corpasa(config)# ssl trust-point localtrust outside

After configuration I got connected but was not able to browse the internet. Also I tried to configure Split-VPN for AnyConnect VPN. I tried to ping the default gateway and LAN clients' IP addresses, but they were not pingable. I thought something was wrong with the AnyConnect VPN configuration, and it is a live firewall, so I deleted all configuration related to AnyConnect. Still, I am not able to ping any LAN IP addresses after connecting through Cisco Client VPN. Please help. I am thinking something went wrong after creating the self certificate.

2 Replies

Marvin Rhoads
Hall of Fame

The certificate should not affect the split tunneling setup.

Can you please provide the configuration or at least the output of "show run group-policy"?

We would normally expect to see a couple of lines like:

 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_tunnellist

...under the group-policy. "vpn_tunnellist" in my example is an access-list with that name that specifies the remote networks your VPN client should be able to access over the VPN.

I deleted the AnyConnect VPN configuration and reconfigured Cisco Client VPN, and now Client VPN is working fine, but I did not try to configure AnyConnect VPN without any proper license.
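
The group-policy check suggested in the reply above can be scripted. This is an added example, not part of the thread or any Cisco tool: it reads running-config text, finds each group-policy's split-tunnel lines, and flags a network list that names an access-list the config never defines. The sample config, policy names and addresses are constructed.

```python
import re
# Constructed sample of "show running-config" output (names and addresses are made up).
SAMPLE = """\
access-list vpn_tunnellist standard permit 192.168.1.0 255.255.255.0
group-policy clientvpn internal
group-policy clientvpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_tunnellist
group-policy sslvpn internal
group-policy sslvpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missing_acl
group-policy legacy internal
group-policy legacy attributes
 dns-server value 192.168.1.10
"""

def audit_split_tunnel(config):
    """Return {group_policy: [findings]}; an empty list means the policy looks consistent."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif line.startswith(" ") and current is not None:
            words = line.split()
            if words[:1] == ["split-tunnel-policy"] and len(words) > 1:
                current["policy"] = words[1]
            elif words[:2] == ["split-tunnel-network-list", "value"] and len(words) > 2:
                current["acl"] = words[2]
        else:
            current = None  # any other top-level line ends the attributes block
    report = {}
    for name, p in policies.items():
        findings = []
        policy, acl = p.get("policy"), p.get("acl")
        if policy is None:
            findings.append("no split-tunnel-policy set (inherited from the default group policy)")
        elif policy in ("tunnelspecified", "excludespecified") and acl is None:
            findings.append(f"{policy} set without a split-tunnel-network-list")
        if acl is not None and acl not in acls:
            findings.append(f"network list '{acl}' is not a defined access-list")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_split_tunnel(SAMPLE).items():
        print(name, "->", findings or "ok")
```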