Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2310
Views
0
Helpful
6
Replies

webvpn-svc action - drop

jeremie.dikazolele
Level 1
Level 1

ā€Ž10-31-2021 08:09 AM

Hello team

I have an issue with vpn any connect.

everything worked well before and suddenly I learn from users that they can no longer reach the network when they connect to the vpn. nothing was changed at my level. I had to do the packet tracer test, I see this error, webvpn-svc action - drop. what can cause that?

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

ā€Ž10-31-2021 08:52 AM

Looks to me high level there may be ACL Missing allowing users to connect Lan resources, just try to add ACL entry VPN users IP to allow Lan IP address range and test it.

 

here is packet flow :

 

https://www.petenetlive.com/KB/Article/0001298

 

still, issue post the config (by removing confidential information) and give us the user IP and Lan IP which failing.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jeremie.dikazolele
Level 1
Level 1
In response to balaji.bandi

ā€Ž10-31-2021 09:26 AM

Spoiler
Hello dear balaji,

I have added the access-list-in on the outside interface but I got the same issue. I will share the configuration tomorrow morning. 
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jeremie.dikazolele

ā€Ž10-31-2021 03:08 PM

Ok sure post the config also gives us input web VPN IP trying to access local resources. example.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jeremie.dikazolele
Level 1
Level 1
In response to balaji.bandi

ā€Ž11-01-2021 06:52 AM

hello Dear Balaji

 

thanks for your attention to my request,

 

it's fine now, i have added the route of my pool in my second firewall which is connected directly on the vpn firewall.

 

best regards,

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jeremie.dikazolele

ā€Ž11-01-2021 10:34 AM

Glad all working can we mark this as resolved,

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jeremie.dikazolele
Level 1
Level 1
In response to balaji.bandi

ā€Ž11-03-2021 02:32 AM

Yes balaji 

0 Helpful
Customers Also Viewed These Support Documents