Not able to reach my office after installing AnyConnect and making the configurations in the firewall

TariqJudeh
Level 1

Hello all,

This is my first post on this website and I am very happy I am doing so.

And it's good to mention that I am a noob in firewalls but trying to learn as much as I can.

I have a strange problem in my VPN.

I checked the Cisco documentation on how to configure VPN using AnyConnect and I did all the required things, but I am still not able to connect to my office.

What I would like to make clear is that our connection goes this way:

Internet connection from ISP --- Router --- Firewall --- Core switch --- Access switch.

Are there any configurations that need to be done on the router?

Jennifer Halim
Cisco Employee

Are you performing NAT on the router, or does your firewall have a public IP address?

Do you have any access-list on the router that might be blocking the connection? You should open TCP/443 on the router if you have an access-list, and if you are using the default port for AnyConnect on the firewall.

Hello Jennifer,

Here you can see how our company design is, and I am also sending you the firewall configurations. I am not sure if the router is required.

The current group policy assigned to the tunnel group does not exist, that's why it's not working.

Please create the corresponding group policy as follows:

access-list splitacl standard permit 10.0.0.0 255.255.0.0
group-policy GroupPolicy_sstc internal
group-policy GroupPolicy_sstc attributes
   dns-server value 10.0.X.X
   vpn-tunnel-protocol ssl-client
   default-domain value sstc.local
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value splitacl
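
Added example, not part of the original thread and not Cisco tooling: a small offline check for the failure described above, where a tunnel group points at a group policy (or a group policy points at a split-tunnel ACL) that is never defined. The sample configuration is constructed, and the names `sstc`, `OtherPolicy` and `inside_acl` in it are assumptions.

```python
import re

# Constructed sample config (not from the thread): the tunnel group points at a
# group policy that is never defined, and the policy that is defined references
# a split-tunnel ACL that does not exist.
SAMPLE_CONFIG = """\
access-list inside_acl extended permit ip any any
group-policy OtherPolicy internal
group-policy OtherPolicy attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitacl
tunnel-group sstc type remote-access
tunnel-group sstc general-attributes
 default-group-policy GroupPolicy_sstc
"""

def find_dangling_references(config: str) -> list[str]:
    """Return findings for group policies and ACLs referenced but not defined."""
    policies, acls, findings = set(), set(), []
    # First pass: collect every definition, wherever it sits in the file.
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) (internal|external)\b", line)
        if m:
            policies.add(m.group(1))
        m = re.match(r"access-list (\S+) ", line)
        if m:
            acls.add(m.group(1))
    # Second pass: resolve references made inside indented sub-mode blocks.
    context = None
    for line in config.splitlines():
        if not line.startswith(" "):
            context = line.strip()  # remember which block we are in
            continue
        m = re.match(r"\s+default-group-policy (\S+)", line)
        # DfltGrpPolicy is built in on the ASA and never appears as "internal".
        if m and m.group(1) not in policies and m.group(1) != "DfltGrpPolicy":
            findings.append(f"{context}: group policy '{m.group(1)}' is not defined")
        m = re.match(r"\s+split-tunnel-network-list value (\S+)", line)
        if m and m.group(1) not in acls:
            findings.append(f"{context}: ACL '{m.group(1)}' is not defined")
    return findings

if __name__ == "__main__":
    for finding in find_dangling_references(SAMPLE_CONFIG):
        print(finding)
```

Run it against a saved copy of `show running-config`; an empty result means every referenced policy and split-tunnel ACL resolves.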

Dear Jennifer,

Thank you a lot for helping me and supporting me.

I added these commands to my firewall and then I tried to connect to our network using all the IP addresses in the drawing, and on one of the IPs (my Internet public IP address) I got the certificate warning, but when I click accept all I get is this error message:

Unable to process response from 89.237.X.X

Is there any specific thing that should also be done?

Sorry for bothering you a lot with the questions.

Thank you in advance.

You would need to access the AnyConnect using the ASA outside interface IP Address.

Also, you might want to use the latest version of AnyConnect, version 3.0, instead of version 2.4.

Hello Jennifer.

I tried to connect using all the different IP addresses but I am unable to reach it, even using AnyConnect 3.0.

Do you think that it is something to do with the router?

You have NAT configured on the router.

You would need to configure the following on the router for the ASA outside interface IP:

ip nat inside source static

Thank you Jennifer,

but is there a specific port?

Or should I just add it in this way?

You can just add static NAT with just the IP address instead of with a port.

Hello Jennifer

Once I did this as a NAT on my router, all my users were unable to access the internet.

Thank you

That is very strange. Why would that cause users not to access the internet, as they are public IPs?

In that case, configure static PAT:

ip nat inside source static tcp 443 443

Hello again,

Also, after doing this I lose connection to the router and also the internet.

This is strange; I have no idea why this is happening.

I checked the outside interface in the firewall and I took the IP address from there.

Hi Judeh,

Post your full configuration so that I can have an overview of what exactly is configured!

Best Regards,

Tony

Regards,
Tony

http://yadhutony.blogspot.com

Hello Tony,

I will be sending them to you as a PM,

and if you need to know the real IP addresses please let me know if this will make it simpler.
