07-12-2023 11:00 AM
Hi Team:
I am currently deploying some FTD 1120s in redundancy mode but am having some issues with AnyConnect. Currently I am able to browse the net but I cannot access my internal nodes that I want to access via the tunnel. I can see my AnyConnect profile has the private network on the secure path but I am not reaching them. Any thoughts why this is happening? What am I configuring wrong? Also, in the FTD, shouldn't configuring RA VPN via FDM create a NAT in Policies>NAT? I ask because I am not seeing it.
07-13-2023 10:01 AM
One last thing. Would any configs be needed on the FTD for the browsing experience to be a little faster? I feel like the internet browsing is slow.
07-13-2023 10:36 AM
Check ifconfig on your PC.
What DNS server does the PC use when AnyConnect is active and passive?
07-13-2023 10:44 AM
I did that and it's using the internal DNS that I define when they connect with AnyConnect. What's best practice here, our internal DNS or defining external ones?
07-13-2023 10:49 AM - edited 07-13-2023 10:50 AM
Do a lookup and see the time taken until the internal DNS resolves the name to IP.
ping google.com
ping 8.8.8.8
See the difference in time.
07-13-2023 02:13 PM
@MHM Cisco World I have done the nslookup and the time to resolve is quick, but the pings do seem off. Below is the output of the pings:
C:\Users\root>ping google.com
Pinging google.com [142.250.69.206] with 32 bytes of data:
Reply from 142.250.69.206: bytes=32 time=395ms TTL=107
Reply from 142.250.69.206: bytes=32 time=601ms TTL=107
Reply from 142.250.69.206: bytes=32 time=421ms TTL=107
Reply from 142.250.69.206: bytes=32 time=863ms TTL=107
Ping statistics for 142.250.69.206:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 395ms, Maximum = 863ms, Average = 570ms
C:\Users\root>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=303ms TTL=110
Reply from 8.8.8.8: bytes=32 time=724ms TTL=110
Reply from 8.8.8.8: bytes=32 time=591ms TTL=110
Reply from 8.8.8.8: bytes=32 time=175ms TTL=110
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 175ms, Maximum = 724ms, Average = 448ms
C:\Users\root>
07-18-2023 04:52 AM
TTL 110
That's a huge number of hops passed before the host reaches 8.8.8.8.
Can you traceroute 8.8.8.8?
See if the path goes through the FTD and then via another SP.
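As an added example (not code from this thread), a small Python parser for the Windows ping output posted above: it pulls RTT and TTL from each "Reply from" line, reports min/max/average and jitter, and estimates hop count the way the TTL reasoning above does, by measuring the distance from the nearest common initial TTL (64, 128 or 255). The sample replies are the values quoted in the thread, embedded here as constructed input.

```python
import re

# Constructed samples: the Windows ping replies quoted earlier in this thread.
PING_GOOGLE = """\
Reply from 142.250.69.206: bytes=32 time=395ms TTL=107
Reply from 142.250.69.206: bytes=32 time=601ms TTL=107
Reply from 142.250.69.206: bytes=32 time=421ms TTL=107
Reply from 142.250.69.206: bytes=32 time=863ms TTL=107
"""
PING_DNS = """\
Reply from 8.8.8.8: bytes=32 time=303ms TTL=110
Reply from 8.8.8.8: bytes=32 time=724ms TTL=110
Reply from 8.8.8.8: bytes=32 time=591ms TTL=110
Reply from 8.8.8.8: bytes=32 time=175ms TTL=110
"""

# Windows prints "time=395ms" for normal replies and "time<1ms" for sub-ms ones.
REPLY_RE = re.compile(r"Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")

# Initial TTLs most stacks start from (64 Linux/BSD, 128 Windows, 255 network gear).
INITIAL_TTLS = (64, 128, 255)

def estimate_hops(ttl):
    """Hops traversed, assuming the replier started at the next common initial TTL."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    return None  # a TTL above 255 cannot occur in a real packet

def analyse_ping(output):
    """Summarise RTT and TTL from Windows ping output; raise if no replies found."""
    rtts, ttls = [], []
    for m in REPLY_RE.finditer(output):
        rtts.append(int(m.group(2)))
        ttls.append(int(m.group(3)))
    if not rtts:
        raise ValueError("no 'Reply from' lines found")
    return {
        "replies": len(rtts),
        "min_ms": min(rtts),
        "max_ms": max(rtts),
        "avg_ms": sum(rtts) // len(rtts),    # integer mean, as Windows prints it
        "jitter_ms": max(rtts) - min(rtts),  # spread between fastest and slowest reply
        "ttl": ttls[0],
        "est_hops": estimate_hops(ttls[0]),
    }

if __name__ == "__main__":
    for name, sample in (("google.com", PING_GOOGLE), ("8.8.8.8", PING_DNS)):
        print(name, analyse_ping(sample))
```

A large jitter value with a high hop estimate points at the path beyond the FTD, which is what the traceroute suggested above would confirm.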
07-13-2023 12:48 AM
@jebanks you should check that your rules in the Access Control Policy are correct and ensure you have the correct source/destination zones; traffic from an AnyConnect user will be "outside".
You can also run packet-tracer to simulate the traffic flow; this will indicate where the issue lies.
Also, with live traffic, from the CLI of the FTD run system support firewall-engine-debug filtered on the IP address of the AnyConnect user, and you can see the traffic and determine which rule the traffic matches.
07-13-2023 09:29 AM
I did it. I can see the applied ACL, so from the server to the client IP it works, but from the client to the server it is not working. So I think it's starting to look like a routing or Windows firewall issue. Checking it out. But the command is helpful.
07-12-2023 01:58 PM