Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
2
Replies

RemoteAccess VPN using anyconnect to ASA: asp-drop remote user traffic

Ivan Prikhodko
Level 1
Level 1

‎10-28-2013 05:05 AM - edited ‎02-21-2020 07:16 PM

Hello Dear Collegues,

I would be very thankfull to anybody who can help me and direct me to the solution of weird issue I've got with ASA 5520 ver 8.2(5).

There is a WEBVPN enabled, and I use anyconnect for remote-access VPN connection.

The connection is ok, split-tunneling is also ok, but no traffic from remote client can reach internal hosts. When I use capture type asp-drop I can see, that all trafic from remote client get dropped by ACL configured rule (Drop-reason: (acl-drop) Flow is denied by configured rule). But I have double checked all the ACL applied to all interface, as well as split-tunnel ACL, and I can't find the way to resolve the issue.

What could be the troubleshooting approach in this case ?

Best regards,

Labels:
0 Helpful
2 Replies 2

Michael Muenz
Level 5
Level 5

‎10-28-2013 05:47 AM

What tells the log about dropped packets?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
0 Helpful

rizwanr74
Level 7
Level 7

‎10-28-2013 11:30 AM

Hi Ivan,

Please post your running-config for easy trouble shooting and assessing your config so that maybe able to find a solution sooner.

Please make sure, that your internal switch have a static-route in place to push vpn-client traffic towards the ASA.

thanks


Message was edited by: Rizwan Mohamed

0 Helpful
Customers Also Viewed These Support Documents