
Setting up Anyconnect VPN per DOC 99756

Level 1

I am trying to set up AnyConnect on an ASA 8.2.5 from scratch. I can get connected and don't see any errors. I am not able to ping the inside interface or the device I have attached to the inside interface. From the ASA, I can ping the device attached to the Inside interface of the ASA. This would appear to indicate a problem with the ASA configuration for AnyConnect. It has to be something simple, but so far it eludes me. I have turned up logging and can see verification that the AnyConnect session successfully connects. No errors are showing.

Here is the partial config that I am using -

access-list no_nat extended permit ip

access-list no_nat extended permit ip

access-list Outside1_to_Inside extended permit ip interface Inside

access-group Outside1_to_Inside in interface Inside

ip local pool SSLClientPool mask

icmp unreachable rate-limit 1 burst-size 1

icmp permit any Inside

nat (Inside) 0 access-list no_nat

access-group Outside1_to_Inside in interface Inside

route Outside1 254

crypto ca trustpoint localtrust

enrollment self



keypair sslvpnkeypair

crl configure

ssl trust-point localtrust Outside1


enable Outside1


svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc enable  

tunnel-group-list enable

group-policy SSLClientPolicy internal

group-policy SSLClientPolicy attributes

dns-server value

vpn-tunnel-protocol svc

default-domain value

address-pools value SSLClientPool

Any suggestions would be appreciated.



Herbert Baerten
Cisco Employee

Hi Ron,

to be able to access the inside interface of the ASA itself, you need to configure:

   management-access inside

This will allow you to ping/ASDM/telnet/ssh to the inside interface address, over a VPN tunnel.

Not sure what the problem is when reaching hosts on the inside though, how are you testing this? Ping (ICMP) or application traffic (UDP, TCP)?

The ACL on the inside interface doesn't seem to make sense, what did you intend to achieve with it? Can you try removing it temporarily to see if this influences the VPN issue?