Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Any Connect VPN Issue Connecting to Internal Servers

Posted on 2013-10-29
5
Medium Priority
?
431 Views
Last Modified: 2013-11-05
I have a Cisco ASA running 8.3, I am connecting using an Anyconnect VPN client Version 3.1 however cannot ping or connect to any internal servers. I suspect NAT however cant seem to pin it down any help would be appreciated ....  I can connect and authenticate to the ASA with the client.

 sh run attached
sh-runn-edited.txt
0
Comment
Question by:MERC-CS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 1500 total points
ID: 39610002
I would suggest being more specific with your nat exemption.

instead of
nat (inside,any) source static any any destination static sesanyconnectvpn sesanyconnectvpn
!
try

object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0

nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static sesanyconnectvpn sesanyconnectvpn
!

Also, you don't have a split tunnel specified. although this is not a requirement, you may run into issues without it.
0
 

Author Comment

by:MERC-CS
ID: 39611916
Ok trying this
0
 

Author Comment

by:MERC-CS
ID: 39612694
no luck so far, i have started over using a new profile"anyconnect" and ip pool of "sesanyconnect" I can log in and surf the internet but internal servers I still cannot reach. I uploaded current sh runn reflecting changes.  The pc with client is Windows 7.

Thanks again
0
 

Accepted Solution

by:
MERC-CS earned 0 total points
ID: 39614964
I resolved the issue by changing my vpn pool assignment and network object from 10.10.10.0 255.255.255.0 network to 192.168.2.0 255.255.255.0. Not completely sure what I was missing the other way in the ASA but it is working now.

I also made the changes mentioned by the earlier post as well ...
0
 

Author Closing Comment

by:MERC-CS
ID: 39623804
his solution did not work until I made the final changes
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question