Website isn't available from inside

rsilaev · ‎01-26-2021

Hello everyone!

I have some problem with one host who uses anyconnect. For example when host connect to Cisco ASA, host gets ip address from pool but the public IP of host is not available from my network until host disconnect.

For example:

Username : host

Assigned IP : 192.168.x.x Public IP : 1.1.1.1
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
Group Policy : GP_ANYCONNECT2 Tunnel Group : VPN_OFFICE

group-policy GP internal
group-policy GP attributes

dns-server value 192.168.x.x 192.168.x.x
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT
default-domain value CONTOSIO.COM
address-pools value POOL
webvpn
anyconnect ssl dtls enable
anyconnect mtu 1360
anyconnect ssl keepalive 15
anyconnect ssl rekey time 5
anyconnect ssl rekey method ssl
anyconnect dpd-interval client 5
anyconnect dpd-interval gateway 15
anyconnect dtls compression none

tunnel-group OFFICE type remote-access
tunnel-group OFFICE general-attributes
authentication-server-group RAD
tunnel-group OFFICE webvpn-attributes
radius-reject-message
group-alias OFFICE enable

Thanks

balaji.bandi · ‎01-26-2021

Website isn't available from inside -- what website example? is this internal or external?

when you connect to VPN - the VPN uses Corporate / HQ - network route path to go out, if that was restricted you can not able to browse any website related to FQDN.

if you like to use VPN for Corporate(office) IP and you want to use home DSL for internet, then you need to configure a split tunnel

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help