Solved

cisco anyconnect vpn user cannot connect to windows 7 virtual machine[s]

Posted on 2013-05-14
4
1,615 Views
Last Modified: 2013-05-20
hi everyone, strange issue, we have Cisco VPN anyconnect users unable to RDP to some windows 7 PC's that are virtual on a hyper-v host. They can connect to VPN and RDP to virtual servers but for some reason the windows 7 guests give the "unavailable" message. We CAN VPN in and RDP to a virtual server, once inside, we can RDP to the win 7 guests. Physical win 7 machines are working also. Weird one. thanks in advance.
0
Comment
Question by:WAMSINC
  • 2
4 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 39167634
Odd? Can you add the AnyConnect IP range to the allowed RDP (EVEN If THE FIREWALLS Are OFF!) See

Cannot RDP to machines via VPN or from other sites
Pete
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 39167955
Are the Win 7 virtual machines on a different subnet from the hosts?
0
 

Accepted Solution

by:
WAMSINC earned 0 total points
ID: 39168932
ok so we had to open a TAC on this. What they did was run wireshark on a dual nic machine after setting up a port span to mirror traffic. We could see ping packets getting there but not rdp through the VPN. On the firewall they could see from a capture that the packets were sending rdp and ping to the inside, which looked ok so RDP traffic was getting dropped somewhere after that...  We have a barracuda webfilter 410 in line, between our core switch and the firewall. Removing the cuda allowed RDP traffic to get to its destination. SO turns out the cuda had an application policy blocking RDP by default for "unauthenticated policy" which was getting applied because the VPN users are using a AAA local user database to connect to VPN, not LDAP and the cuda sees them as unauthenticated. So out of the box the cuda blocks RDP and a ton of other ports/apps too. The ridiculous part is that it was working intermittently so who knows what else its not doing the way its supposed to. Anyone reading this in the future should check that out if it applies. Case closed thanks for everyone's help.
0
 

Author Closing Comment

by:WAMSINC
ID: 39180452
had to open a TAC see details
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now