Re: VPN drops Internet connectivity - Page 6

chris.bias · ‎03-10-2022

I connect to the Cisco AnyConnect VPN and it drops the internet connection. Below is the IPConfig and print route outputs from the command line prompt:

C:\WINDOWS\system32>route print
===========================================================================
Interface List
12...00 05 9a 3c 7a 00 ......Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
17...c0 25 a5 65 bc 16 ......Intel(R) Ethernet Connection (13) I219-V
20...d6 1b 81 c8 e4 ef ......Microsoft Wi-Fi Direct Virtual Adapter #3
15...e6 1b 81 c8 e4 ef ......Microsoft Wi-Fi Direct Virtual Adapter #4
21...c0 25 a5 65 bc 17 ......Realtek USB GbE Family Controller #2
27...d4 1b 81 c8 e4 ef ......Qualcomm QCA61x4A 802.11ac Wireless Adapter
4...d4 1b 81 c8 e4 f0 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
28...00 15 5d 77 f6 08 ......Hyper-V Virtual Ethernet Adapter
33...00 15 5d 34 b8 e2 ......Hyper-V Virtual Ethernet Adapter #2
65...00 15 5d 7e 4a 60 ......Hyper-V Virtual Ethernet Adapter #3
79...00 15 5d de c3 38 ......Hyper-V Virtual Ethernet Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.22.45.1 172.22.45.143 291
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.10 2
12.190.110.211 255.255.255.255 172.22.45.1 172.22.45.143 36
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.48.0 255.255.240.0 On-link 172.17.48.1 5256
172.17.48.0 255.255.240.0 192.168.15.1 192.168.15.10 2
172.17.48.1 255.255.255.255 On-link 172.17.48.1 5256
172.17.63.255 255.255.255.255 On-link 172.17.48.1 5256
172.22.45.0 255.255.255.0 On-link 172.22.45.143 291
172.22.45.0 255.255.255.0 192.168.15.1 192.168.15.10 2
172.22.45.143 255.255.255.255 On-link 172.22.45.143 291
172.22.45.255 255.255.255.255 On-link 172.22.45.143 291
172.25.16.1 255.255.255.255 On-link 172.25.16.1 5256
172.30.64.0 255.255.240.0 On-link 172.30.64.1 5256
172.30.64.0 255.255.240.0 192.168.15.1 192.168.15.10 2
172.30.64.1 255.255.255.255 On-link 172.30.64.1 5256
172.30.79.255 255.255.255.255 On-link 172.30.64.1 5256
192.168.15.0 255.255.255.0 On-link 192.168.15.10 257
192.168.15.10 255.255.255.255 On-link 192.168.15.10 257
192.168.15.255 255.255.255.255 On-link 192.168.15.10 257
192.168.16.0 255.255.240.0 On-link 192.168.16.1 5256
192.168.16.0 255.255.240.0 192.168.15.1 192.168.15.10 2
192.168.16.1 255.255.255.255 On-link 192.168.16.1 5256
192.168.31.255 255.255.255.255 On-link 192.168.16.1 5256
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.22.45.143 291
224.0.0.0 240.0.0.0 On-link 172.17.48.1 5256
224.0.0.0 240.0.0.0 On-link 192.168.16.1 5256
224.0.0.0 240.0.0.0 On-link 172.30.64.1 5256
224.0.0.0 240.0.0.0 On-link 192.168.15.10 257
224.0.0.0 240.0.0.0 On-link 172.25.16.1 5256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.22.45.143 291
255.255.255.255 255.255.255.255 On-link 172.17.48.1 5256
255.255.255.255 255.255.255.255 On-link 192.168.16.1 5256
255.255.255.255 255.255.255.255 On-link 172.30.64.1 5256
255.255.255.255 255.255.255.255 On-link 192.168.15.10 257
255.255.255.255 255.255.255.255 On-link 172.25.16.1 5256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.22.45.1 Default
0.0.0.0 0.0.0.0 172.22.45.13 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 36 ::/0 On-link
1 331 ::1/128 On-link
12 291 fe80::/64 On-link
21 291 fe80::1541:c9f1:8b73:32b6/128
On-link
28 5256 fe80::3c54:a176:7515:eda5/128
On-link
33 5256 fe80::5408:ef8f:c661:b872/128
On-link
65 5256 fe80::6493:7358:8661:4198/128
On-link
12 291 fe80::6b06:6381:5d0b:2c5c/126
On-link
12 291 fe80::6b06:6381:5d0b:2c5d/128
On-link
12 291 fe80::75e2:8cab:f2d5:bef6/128
On-link
79 5256 fe80::c156:5741:8f9c:575/128
On-link
1 331 ff00::/8 On-link
21 291 ff00::/8 On-link
28 5256 ff00::/8 On-link
33 5256 ff00::/8 On-link
65 5256 ff00::/8 On-link
79 5256 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :

Ethernet adapter Ethernet 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Physical Address. . . . . . . . . : 00-05-9A-3C-7A-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6b06:6381:5d0b:2c5d%12(Preferred)
Link-local IPv6 Address . . . . . : fe80::75e2:8cab:f2d5:bef6%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : ::
192.168.15.1
DHCPv6 IAID . . . . . . . . . . . : 1241515418
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
DNS Servers . . . . . . . . . . . : 172.22.45.115
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (13) I219-V
Physical Address. . . . . . . . . : C0-25-A5-65-BC-16
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
Physical Address. . . . . . . . . : D6-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
Physical Address. . . . . . . . . : E6-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek USB GbE Family Controller #2
Physical Address. . . . . . . . . : C0-25-A5-65-BC-17
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1541:c9f1:8b73:32b6%21(Preferred)
IPv4 Address. . . . . . . . . . . : 172.22.45.143(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.22.45.1
DHCPv6 IAID . . . . . . . . . . . : 717235621
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
DNS Servers . . . . . . . . . . . : 172.22.45.115
172.22.45.116
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.la.comcast.net
Description . . . . . . . . . . . : Qualcomm QCA61x4A 802.11ac Wireless Adapter
Physical Address. . . . . . . . . : D4-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : D4-1B-81-C8-E4-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Ethernet):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-15-5D-77-F6-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3c54:a176:7515:eda5%28(Preferred)
IPv4 Address. . . . . . . . . . . : 172.17.48.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 469767517
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Ethernet 3):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-34-B8-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5408:ef8f:c661:b872%33(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.16.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 553653597
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Wi-Fi):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-7E-4A-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6493:7358:8661:4198%65(Preferred)
IPv4 Address. . . . . . . . . . . : 172.30.64.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 1090524509
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Ethernet 4):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
Physical Address. . . . . . . . . : 00-15-5D-DE-C3-38
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c156:5741:8f9c:575%79(Preferred)
IPv4 Address. . . . . . . . . . . : 172.25.16.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 1325405533
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\WINDOWS\system32>

MHM Cisco World · ‎04-02-2022

Hi Friend are this issue Solved ? After review all config I found what is issue here.

JUST CONFIG ROUTE-LOOKUP WITH
NAT exception
NAT for U-Turn

Check this solution and see result.

Also as I think this answer for your second post about access internal Subnet.

Good Luck Friend.

chris.bias · ‎04-04-2022

@MHM Cisco World I need to do this on the router or the ASA. Just wanted to be sure.

MHM Cisco World · ‎04-04-2022

No in ASA only,
and Do packet-tracer as @Rob Ingram suggest before to see if the Anyconnect can connect first the 8.8.8.8 and then connect your internal subnet "for second post".

chris.bias · ‎04-04-2022

@MHM Cisco Worldand @Rob Ingram I apologize again but what is the command line for this. I am being very careful with this so I want to be sure.

MHM Cisco World · ‎04-04-2022

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/firewall/asa-98-firewall-config/nat-reference.html

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-traffic-sent-out-incorrect-interface-due-to-nat-rule.html

read about route-lookup in this doc.

your packet-tracer failed at this phase WEBVPN-SVC DROP

Phase: 7
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Config:
Additional Information:

Solution https://finkotek.com/vpn-client-cant-reach-inside-ip-of-cisco-asa/

MHM Cisco World · ‎04-04-2022

two option,
1-use interface instead of any in nat <- i think this work for u-trun
2-use route-lookup for NAT this for any connect to inside subnet.

nancyjane7365 · ‎02-19-2023

Based on your IPConfig and route print outputs, it seems that your computer has multiple network interfaces, including the Cisco AnyConnect VPN adapter, the Intel Ethernet Connection adapter, the Microsoft Wi-Fi Direct Virtual Adapters, the Realtek USB GbE Family Controller adapter, the Qualcomm QCA61x4A 802.11ac Wireless Adapter, and some Hyper-V Virtual Ethernet Adapters. The issue you're experiencing may be caused by a routing conflict between these adapters, especially since the AnyConnect adapter is configured as the default gateway (0.0.0.0). When you connect to the VPN, all your network traffic is routed through the AnyConnect adapter, which may cause conflicts with the other adapters. You may need to adjust your routing table to ensure that your internet traffic is properly routed through the correct adapter. You may want to contact your network provider for assistance with this issue, as they may have specific requirements or limitations for routing traffic over their VPN. You could also try disabling the other network adapters temporarily and see if that resolves the issue. If that works, you could try re-enabling the adapters one at a time to identify which one is causing the conflict. I hope this helps, let me know if you have any other questions.