Re: URGENT - Anyconnect can connect but receive any traffic

carl_townshend · ‎03-21-2020

Hi All

I have an urgent issue which couldn't come at a worse time due to what is happening in the world.

We have had our Anyconnect client working for years, all of a sudden we can connect but not reach anywhere.

When I check the Anyconnect statistics, it says we are sending traffic but not receiving anything back.

What would be the first things that could cause this issue?

Many thanks

Carl

JP Miranda Z · ‎03-21-2020

carl_townshend,

You can start checking the following:

-Routing

-Nat

If you think that already fine you can take a capture on the FW using the ip assign to the client as source and the ip you are trying to access as destination:

cap test interface inside match ip h <clientip> h <destip>

show cap test ---> after testing will show you if the traffic is just going into your LAN and not coming back

Hope this info helps!!

Rate if helps you!!

-JP-

carl_townshend · ‎03-21-2020

Hi

We have just figured this out, for some reason, Anyconnect is not applying the filter on the user or group policy.

It only seems to apply some acl's that we added a week ago and nothing more, even though that filter is not applied anywhere, as a test I added a line to the acl that we added last week and it then got applied to this vpn session.

This appears to be a bug in the code as we can see on the user that the group policy and connection profile have applied but not the correct acl/filter.

We cannot afford to reboot the firewalls at the min due to the current high demand for remote working.

This is the last thing we need at the min, more bugs from Cisco!!