Unable to access inside network from Anyconnect SSL VPN after initial setup of 5508 x ASA

jmbrewer9x
Level 1

Used ASDM Startup Wizard and VPN Wizard to set up a 5508 X. I'm trying to get the Anyconnect SSL VPN client to work. After the setup I tried the command sysopt connection permit-vpn to enable inside access from the VPN pool. Still didn't seem to do anything. Can anyone share a sample config for what other access, NAT, or routes will be needed in addition to the wizard setups?

I can ping both outside and inside from the CLI. I can connect with the Anyconnect client, but just can't reach anything on my inside network.


Aditya Ganjoo
Cisco Employee

Hi,

You would need the following things:

NAT rule

Split tunnel rule if needed.

Please check this link :

https://www.petenetlive.com/KB/Article/0000943

Regards,

Aditya

Please rate helpful and mark correct answers

I added a few of the commands from that page that I did not have. That seemed to get split tunnel working correctly. However, I still cannot access my inside LAN when I connect with the VPN. Do I need any additional firewall rules on the inside or outside interfaces to allow the VPN address pool to access the inside LAN?

Hi,

If you have an access-list on the inside LAN interface then you need to allow outbound traffic going to Anyconnect pool.

Also, under show run all sysopt, the below command should be enabled:

sysopt connection permit-vpn 

Also, try to ping the LAN interface of the ASA from the Anyconnect client and check if you are able to ping it.

Regards,

Aditya

Please rate helpful and mark correct answers
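
The items named in the replies above (NAT rule, split tunnel rule, sysopt, inside ACL, ping to the ASA's LAN interface), put together as one ASA configuration sketch. This is an added example, not configuration posted by anyone in the thread or taken from the linked article; the subnets, object names, ACL names, group-policy name and interface names are assumptions to be replaced with the values on your own ASA.

```cisco
! Constructed values (assumptions): inside LAN 192.168.1.0/24, AnyConnect pool
! 192.168.100.0/24, interfaces named inside/outside, group policy GP-ANYCONNECT.
object network OBJ-INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 192.168.100.0 255.255.255.0
!
! NAT rule: identity (exempt) NAT so traffic between the inside LAN and the VPN
! pool is not translated by a dynamic PAT rule used for Internet access.
! It must appear above any such PAT rule in "show nat" output.
nat (inside,outside) source static OBJ-INSIDE-LAN OBJ-INSIDE-LAN destination static OBJ-VPN-POOL OBJ-VPN-POOL no-proxy-arp route-lookup
!
! Split tunnel rule: only the inside LAN is sent through the tunnel.
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! Decrypted VPN traffic bypasses interface ACLs (this is the default setting).
sysopt connection permit-vpn
!
! Only if an ACL is applied to the inside interface (hypothetical name
! INSIDE_IN): permit the LAN to reach the pool, scoped to these two networks.
access-list INSIDE_IN extended permit ip object OBJ-INSIDE-LAN object OBJ-VPN-POOL
!
! Needed before a VPN client can ping the ASA's own inside interface address.
management-access inside
!
! Checks: sysopt state, NAT rule order and hit counts, the client's assigned
! address, and a simulated inside-host-to-client packet (addresses constructed).
show run all sysopt
show nat detail
show vpn-sessiondb anyconnect
packet-tracer input inside icmp 192.168.1.10 8 0 192.168.100.10 detailed
```

Inside hosts also need a route for the pool subnet that points back to the ASA's inside interface; if their default gateway is another device, add that route there.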
