unable to configure both AnyConnect & IPSEC site-to-site VPN

d.grellinger
Level 1

I have established an IPSEC site-to-site VPN connection.

When I configure AnyConnect (and get it working), I lose the site-to-site tunnel, and vice-versa.

I believe my NAT statements are incorrect.

Here is the NAT config when AnyConnect is working properly ...

global (Outside) 101 interface
nat (Inside) 0 access-list sslnonat
nat (Inside) 101 0.0.0.0 0.0.0.0

access-list sslnonat extended permit ip 192.168.65.0 255.255.255.0 192.168.66.0 255.255.255.0

Here is the NAT config when the IPSEC site-to-site tunnel is working properly ...


global (Outside) 101 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 101 0.0.0.0 0.0.0.0

access-list Inside_nat0_outbound extended permit ip 192.168.65.0 255.255.255.0 object-group ServerGroup

How do I get the AnyConnect and the IPSEC site-to-site to both be working properly? I don't need to reach one from the other.

Inside network 192.168.65.0/24

AnyConnect address pool 192.168.66.0/24

Any help would be much appreciated.

Accepted Solutions

Hi,

Try this:

global (Outside) 101 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 101 0.0.0.0 0.0.0.0

access-list Inside_nat0_outbound extended permit ip 192.168.65.0 255.255.255.0 object-group ServerGroup
access-list Inside_nat0_outbound extended permit ip 192.168.65.0 255.255.255.0 192.168.66.0 255.255.255.0

The problem is that when you apply the IPsec NAT configuration, you remove the entry for the AnyConnect pool.
Try the above and let's see if it works.

Federico.

Yes, that was it. Both VPNs are now working concurrently. Thank you so much for your quick and helpful response.

Glad I could help :-)


Federico.
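
The check behind the accepted answer, as an added example that is not part of the original thread: it reads the ACL bound to `nat (Inside) 0 access-list` and reports which VPN remote networks it fails to exempt. The configs are constructed from the thread's lines; the ServerGroup member 10.10.10.0/24 and the `REQUIRED` list are assumptions, since the thread never lists the group's contents.

```python
import ipaddress

# Constructed configs in the thread's pre-8.3 syntax. ServerGroup's member
# (10.10.10.0/24) is a placeholder; the thread never lists its contents.
BASE = """object-group network ServerGroup
 network-object 10.10.10.0 255.255.255.0
access-list sslnonat extended permit ip 192.168.65.0 255.255.255.0 192.168.66.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.65.0 255.255.255.0 object-group ServerGroup
"""
ANYCONNECT_ONLY = BASE + "nat (Inside) 0 access-list sslnonat\n"
IPSEC_ONLY = BASE + "nat (Inside) 0 access-list Inside_nat0_outbound\n"
MERGED = (BASE + "access-list Inside_nat0_outbound extended permit ip "
          "192.168.65.0 255.255.255.0 192.168.66.0 255.255.255.0\n"
          "nat (Inside) 0 access-list Inside_nat0_outbound\n")
REQUIRED = ["10.10.10.0/24", "192.168.66.0/24"]  # remote ends of both VPNs

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def exempt_networks(config, iface):
    """Destinations covered by the ACL bound to `nat (iface) 0 access-list`."""
    groups, acls, bound, cur = {}, {}, None, None
    for tok in (l.split() for l in config.splitlines() if l.strip()):
        if tok[:2] == ["object-group", "network"]:
            cur = groups.setdefault(tok[2], [])
        elif tok[0] == "network-object" and cur is not None:
            cur.append(net(tok[2], "255.255.255.255") if tok[1] == "host"
                       else net(tok[1], tok[2]))
        elif tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "ip"]:
            # Source is "addr mask" as in the thread; the rest is the destination.
            acls.setdefault(tok[1], []).append(tok[7:])
        elif tok[:4] == ["nat", f"({iface})", "0", "access-list"]:
            bound = tok[4]
    out = []
    for dst in acls.get(bound, []):
        out += groups.get(dst[1], []) if dst[0] == "object-group" else [net(*dst[:2])]
    return out

def missing_exemptions(config, iface, required):
    """Required VPN networks that the interface's nat 0 ACL does not exempt."""
    exempt = exempt_networks(config, iface)
    return [n for n in required
            if not any(ipaddress.ip_network(n).subnet_of(e) for e in exempt)]

if __name__ == "__main__":
    for name, cfg in [("AnyConnect-only", ANYCONNECT_ONLY),
                      ("IPsec-only", IPSEC_ONLY), ("merged", MERGED)]:
        print(name, "missing:", missing_exemptions(cfg, "Inside", REQUIRED))
```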