Not able to reach my office after installing AnyConnect and making the configurations in the firewall

Hello all,

This is my first post on this website and I am very happy I am doing so.

And it's good to mention that I am a noob in firewalls but trying to learn as much as I can.

I have a strange problem in my VPN.

I checked the Cisco documentation on how to configure VPN using AnyConnect and I did all the required things, but I am still not able to connect to my office.

What I would like to make clear is that our connection goes this way:

Internet connection from ISP --- Router --- Firewall --- Core switch --- Access switch.

Are there any configurations that need to be done on the router?

Cisco Employee

Are you performing NAT on the router, or does your firewall have a public IP address?

Do you have any access-list on the router that might be blocking the connection? You should open TCP/443 on the router if you have an access-list, and if you are using the default port for AnyConnect on the firewall.


Hello Jennifer,

Here you can see how our company design is, and I am also sending you the firewall configuration. I am not sure if the router is required.


The current group policy assigned to the tunnel group does not exist, that's why it's not working.

Please create the corresponding group policy as follows:

access-list splitacl standard permit 10.0.0.0 255.255.0.0
group-policy GroupPolicy_sstc internal
group-policy GroupPolicy_sstc attributes
   dns-server value 10.0.X.X
   vpn-tunnel-protocol ssl-client
   default-domain value sstc.local
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value splitacl
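
A check for the condition diagnosed in this reply, as an added example that is not part of the original thread: it scans an ASA configuration for tunnel groups whose default-group-policy names a group policy that is never defined. The sample configuration is constructed, and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the thread: the tunnel group points at
# GroupPolicy_sstc, but no "group-policy GroupPolicy_sstc internal" line exists.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ssl-client
tunnel-group sstc type remote-access
tunnel-group sstc general-attributes
 address-pool vpnpool
 default-group-policy GroupPolicy_sstc
tunnel-group sstc webvpn-attributes
 group-alias sstc enable
"""

# DfltGrpPolicy is built into the ASA and never needs a definition line.
BUILTIN_POLICIES = {"DfltGrpPolicy"}


def missing_group_policies(config):
    """Return (tunnel_group, group_policy) pairs whose policy is undefined."""
    defined = set(BUILTIN_POLICIES)
    references = []
    current_tg = None  # tunnel group whose general-attributes block we are in
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Top-level command: either a policy definition or a block header.
            m = re.match(r"group-policy (\S+) (internal|external)\b", line)
            if m:
                defined.add(m.group(1))
            m = re.match(r"tunnel-group (\S+) general-attributes\s*$", line)
            current_tg = m.group(1) if m else None
        elif current_tg:
            # Indented sub-command inside a general-attributes block.
            m = re.match(r"\s+default-group-policy (\S+)", line)
            if m:
                references.append((current_tg, m.group(1)))
    # Filter at the end so a policy defined later in the file still counts.
    return [(tg, gp) for tg, gp in references if gp not in defined]


if __name__ == "__main__":
    for tg, gp in missing_group_policies(SAMPLE_CONFIG):
        print(f"tunnel-group {tg}: group-policy {gp} is not defined")
```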


Dear Jennifer,

Thank you a lot for helping me and supporting me.

I added these commands to my firewall and then I tried to connect to our network using all the IP addresses in the drawing, and on one of the IPs (my Internet public IP address) I got the certificate warning, but when I click accept all I get is this error message:

Unable to process response from 89.237.X.X

Is there any specific thing that should also be done?

Sorry for bothering you a lot with the questions.

Thank you in advance.


You would need to access the AnyConnect using the ASA outside interface IP Address.

Also you might want to use the latest version of AnyConnect version 3.0 instead of version 2.4


Hello Jennifer.

I tried to connect using all the different IP addresses but I am unable to reach it, even using AnyConnect 3.0.

Do you think that it is something to do with the router?


You have NAT configured on the router.

You would need to configure the following on the router for the ASA outside interface IP:

ip nat inside source static


Thank you, Jennifer.

But is there a specific port?

Or should I just add it this way?


You can just add static NAT with just IP Address instead of with port.


Hello Jennifer

Once I did this as a NAT on my router, all my users were unable to access the internet.

Thank you


That is very strange. Why would that cause users not to access the internet, as they are public IPs?

In that case, configure static PAT:

ip nat inside source static tcp 443 443


Hello again,

Also, after doing this I lose connection to the router and also the internet.

This is strange; I have no idea why this is happening.

I checked the outside interface in the firewall and I took the IP address from there.


Hi Judeh,

Post your full configuration so that I can have an overview of what exactly is configured!

Best Regards,

Tony

Regards,
Tony

http://yadhutony.blogspot.com

Hello Tony,

I will be sending them to you as a PM,

and if you need to know the real IP address, please let me know if this will make it simpler.
