RemoteAccess VPN using anyconnect to ASA: asp-drop remote user traffic

Ivan Prikhodko · ‎10-28-2013

Hello Dear Collegues,

I would be very thankfull to anybody who can help me and direct me to the solution of weird issue I've got with ASA 5520 ver 8.2(5).

There is a WEBVPN enabled, and I use anyconnect for remote-access VPN connection.

The connection is ok, split-tunneling is also ok, but no traffic from remote client can reach internal hosts. When I use capture type asp-drop I can see, that all trafic from remote client get dropped by ACL configured rule (Drop-reason: (acl-drop) Flow is denied by configured rule). But I have double checked all the ACL applied to all interface, as well as split-tunnel ACL, and I can't find the way to resolve the issue.

What could be the troubleshooting approach in this case ?

Best regards,

Michael Muenz · ‎10-28-2013

What tells the log about dropped packets?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

rizwanr74 · ‎10-28-2013

Hi Ivan,

Please post your running-config for easy trouble shooting and assessing your config so that maybe able to find a solution sooner.

Please make sure, that your internal switch have a static-route in place to push vpn-client traffic towards the ASA.

thanks

Message was edited by: Rizwan Mohamed