Solved

Cisco Any Connect VPN Issue Connecting to Internal Servers

Posted on 2013-10-29
5
412 Views
Last Modified: 2013-11-05
I have a Cisco ASA running 8.3, I am connecting using an Anyconnect VPN client Version 3.1 however cannot ping or connect to any internal servers. I suspect NAT however cant seem to pin it down any help would be appreciated ....  I can connect and authenticate to the ASA with the client.

 sh run attached
sh-runn-edited.txt
0
Comment
Question by:MERC-CS
  • 4
5 Comments
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 500 total points
ID: 39610002
I would suggest being more specific with your nat exemption.

instead of
nat (inside,any) source static any any destination static sesanyconnectvpn sesanyconnectvpn
!
try

object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0

nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static sesanyconnectvpn sesanyconnectvpn
!

Also, you don't have a split tunnel specified. although this is not a requirement, you may run into issues without it.
0
 

Author Comment

by:MERC-CS
ID: 39611916
Ok trying this
0
 

Author Comment

by:MERC-CS
ID: 39612694
no luck so far, i have started over using a new profile"anyconnect" and ip pool of "sesanyconnect" I can log in and surf the internet but internal servers I still cannot reach. I uploaded current sh runn reflecting changes.  The pc with client is Windows 7.

Thanks again
0
 

Accepted Solution

by:
MERC-CS earned 0 total points
ID: 39614964
I resolved the issue by changing my vpn pool assignment and network object from 10.10.10.0 255.255.255.0 network to 192.168.2.0 255.255.255.0. Not completely sure what I was missing the other way in the ASA but it is working now.

I also made the changes mentioned by the earlier post as well ...
0
 

Author Closing Comment

by:MERC-CS
ID: 39623804
his solution did not work until I made the final changes
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question