chicagotech
Beginner

One VPN client can't ping one of the servers by IP

Our VPN users use Cisco AnyConnect VPN to access network resources. The VPN server is a Cisco ASA firewall. After establishing the VPN, the user can access everything except one of the SQL servers from his laptop. Pinging the IP gets no reply. The same VPN rules apply to all VPN users. If I try my login ID on his laptop, I have the same problem. If we try his ID on other computers, it works. I have tried disabling the antivirus and firewall, but can't fix it. Any suggestions?

1 ACCEPTED SOLUTION

Rahul Govindan
Advocate

Since this looks like a client-side problem, I would look at the route table of the PC after a successful connection to the ASA. If you are using split tunnels, the ASA and AnyConnect client install routes in your routing table for all the split networks. What I would look for is a conflicting route for that server IP address.

Another possible avenue for troubleshooting is to run Wireshark captures on the AnyConnect and physical adapters when testing pings to the servers. You should see traffic go through to the VPN adapter if the rules are correct.


Thank you for the reply. I opened a case with Cisco. The Cisco engineer confirmed it is a client issue because the ping never reaches the ASA. After 3 hours of troubleshooting, he couldn't fix it and suggested that we reinstall the OS. Any other suggestions?

The routing table was getting updated for an unknown reason, due to which the default gateway was changing to 10.0.0.1 instead of 192.168.1.254.

 

The details of the case can be found here:

http://www.chicagotech.net/netforums/viewtopic.php?f=5&t=19436&sid=6ed89403d3401a9fed73b31ca8f40a79
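
The route-table check suggested in the accepted answer, as an added example that is not part of the original thread: it parses the IPv4 "Active Routes" section of Windows `route print` output and applies longest-prefix, lowest-metric selection to show which adapter a server IP would leave through. The sample table, the server IP 172.16.5.20 and the VPN adapter address 172.16.200.15 are constructed assumptions; only the gateways 10.0.0.1 and 192.168.1.254 come from the thread.

```python
import ipaddress
import re

# Constructed sample of the "Active Routes" part of Windows `route print`.
# Only the gateways 10.0.0.1 and 192.168.1.254 appear in the thread; every
# other address (server, adapters) is made up for illustration.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.50     25
         10.0.0.0    255.255.255.0          On-link       10.0.0.23    281
       172.16.0.0      255.255.0.0          On-link   172.16.200.15      2
      172.16.5.20  255.255.255.255         10.0.0.1       10.0.0.23     26
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")


def parse_routes(text):
    """Return the IPv4 routes found in `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
    return routes


def check_target(text, target, vpn_iface):
    """Pick the route used for `target` and compare it with the VPN adapter."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in parse_routes(text) if ip in r["net"]]
    if not hits:
        return {"status": "no-route", "winner": None, "shadowed": []}
    # Most specific prefix wins; the lower metric breaks ties.
    hits.sort(key=lambda r: (-r["net"].prefixlen, r["metric"]))
    winner = hits[0]
    status = "ok" if winner["iface"] == vpn_iface else "conflict"
    shadowed = [r for r in hits[1:] if r["iface"] == vpn_iface]
    return {"status": status, "winner": winner, "shadowed": shadowed}


if __name__ == "__main__":
    res = check_target(SAMPLE_ROUTE_PRINT, "172.16.5.20", "172.16.200.15")
    print(res["status"], res["winner"]["net"], "via", res["winner"]["gateway"])
```

A "conflict" result with a non-empty `shadowed` list means the split-tunnel route exists but a more specific or cheaper route on another adapter takes the traffic first, which matches pings never reaching the ASA.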
