Unable to access remote LAN after connecting with AnyConnect

Hi guys,

This should be simple, but I have spent far too many hours trying to figure out what I'm missing and it's giving me a headache! Any help would be appreciated.

Configuration: Cisco 1841 running c1841-adventerprisek9-mz.151-4.M12a.bin. AnyConnect 4.8.03052.

Problem: Remote clients are able to connect to the VPN on the 1841 and receive an IP from the VPN pool. Clients are able to access their local LAN and the internet. However, they are NOT able to access the remote LAN. Client IS able to ping the remote LAN interface, just no other IPs on the remote network.

Putting IPs to the above scenario: Client connects to VPN and receives IP 10.81.251.1. Client is able to ping outside internet (8.8.8.8 for example). Route shows client is using split routing as the traffic is not tunneling. Client is able to ping 10.81.250.254. This is the interface for the internal LAN. Client is NOT able to ping 10.81.250.30 (or any other IP on the internal LAN).

Below is the router config. Any pointers would be appreciated.

Thanks!

Kelly

-----------

Building configuration...

Current configuration : 18518 bytes
!
! Last configuration change at 23:00:14 Phoenix Fri May 29 2020 by <snip>
! NVRAM config last updated at 22:30:37 Phoenix Fri May 29 2020 by <snip>
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C1841-WINDSTREAM
!
boot-start-marker
boot system flash:c1841-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
!
logging buffered 64000 warnings
no logging console
enable secret 5 <snip>
!
aaa new-model
!
!
aaa authentication login SSLVPN_AAA local
!
!
aaa session-id common
!
clock timezone Phoenix -7 0
crypto pki token default removal timeout 0
!
crypto pki trustpoint virtualcohesion-trustpoint
fqdn access.n0vd.com
subject-name cn=access.n0vd.com
revocation-check none
rsakeypair virtualcohesion-trustpoint
!
crypto pki trustpoint virtualcohesion-trustpoint-rrr1
revocation-check crl
!
crypto pki trustpoint virtualcohesion-trustpoint-rrr2
revocation-check crl
!
!
crypto pki certificate chain virtualcohesion-trustpoint
certificate 0842F77BFB2145BEAC298569103EF00B
308206B4 3082059C A0030201 02021008 42F77BFB 2145BEAC 29856910 3EF00B30

<snip>

6EC2D76C B1A30F9E BFEB68E7 56F2AEF2 E32B383A 0981B56B 85D7BE2D ED3F1AB7
B263E2F5 622C82D4 6A004150 F139839F 95E93696 986E
quit
dot11 syslog
ip source-route
!
!
!
ip dhcp excluded-address 10.81.250.254
ip dhcp excluded-address 10.81.250.1 10.81.250.200
!
ip dhcp pool DHCP-POOL
network 10.81.250.0 255.255.255.0
default-router 10.81.250.254
dns-server 8.8.8.8
domain-name virtualcohesion.com
lease 7
!
!
ip cef
ip domain name virtualcohesion.com
ip host power.n0vd.com 10.81.250.31
ip host amp.n0vd.com 10.81.250.32
ip host radio.n0vd.com 10.81.250.33
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn <snip>
username <snip> privilege 15 secret 5 <snip>
username <snip> password 7 <snip>
!
redundancy
!
!
ip ssh version 2
!
!!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-WAN$
ip address 10.81.250.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 40.137.51.58 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
!
ip local pool SSLVPN_POOL 10.81.251.1 10.81.251.100
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 10 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 40.137.51.57
!
access-list 10 permit 10.81.250.0 0.0.0.255
access-list 100 permit ip any any
!
!
snmp-server community impaxlabs RO
snmp-server community public RO
snmp-server community Ipxl@30831 RO
snmp-server ifindex persist
!
!
control-plane
!
!
banner motd ^C
*************************************************************
* WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *
*************************************************************
* THIS SYSTEM ACCESSES PROPRIETARY INFORMATION. ACCESS IS *
* *
* RESTRICTED TO AUTHORIZED USERS ONLY FOR LEGITIMATE *
* *
* BUSINESS PURPOSES. UNAUTHORIZED ACCESS IS A VIOLATION *
* *
* OF STATE AND FEDERAL, CIVIL AND CRIMINAL LAWS. *
* *
* PLEASE LOG OFF. *
*************************************************************
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 012013144B5B141B
logging synchronous
transport input telnet ssh
line vty 5 15
logging synchronous
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 216.239.35.4 prefer source FastEthernet0/0
!
webvpn gateway SSLVPN_GATEWAY
ip address 40.137.51.58 port 443
http-redirect port 80
ssl trustpoint virtualcohesion-trustpoint
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-4.8.03052-webdeploy-k9.pkg sequence 1
!
webvpn context SSL_CONTEXT
ssl authenticate verify all
!
!
policy group SSL_POLICY
functions svc-enabled
svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
svc split include 10.81.0.0 255.255.0.0
svc dns-server primary 10.81.250.254
default-group-policy SSL_POLICY
aaa authentication list SSLVPN_AAA
gateway SSLVPN_GATEWAY
inservice
!
end