Solved

Cisco Any Connect VPN Issue Connecting to Internal Servers

Posted on 2013-10-29
5
418 Views
Last Modified: 2013-11-05
I have a Cisco ASA running 8.3, I am connecting using an Anyconnect VPN client Version 3.1 however cannot ping or connect to any internal servers. I suspect NAT however cant seem to pin it down any help would be appreciated ....  I can connect and authenticate to the ASA with the client.

 sh run attached
sh-runn-edited.txt
0
Comment
Question by:MERC-CS
  • 4
5 Comments
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 500 total points
ID: 39610002
I would suggest being more specific with your nat exemption.

instead of
nat (inside,any) source static any any destination static sesanyconnectvpn sesanyconnectvpn
!
try

object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0

nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static sesanyconnectvpn sesanyconnectvpn
!

Also, you don't have a split tunnel specified. although this is not a requirement, you may run into issues without it.
0
 

Author Comment

by:MERC-CS
ID: 39611916
Ok trying this
0
 

Author Comment

by:MERC-CS
ID: 39612694
no luck so far, i have started over using a new profile"anyconnect" and ip pool of "sesanyconnect" I can log in and surf the internet but internal servers I still cannot reach. I uploaded current sh runn reflecting changes.  The pc with client is Windows 7.

Thanks again
0
 

Accepted Solution

by:
MERC-CS earned 0 total points
ID: 39614964
I resolved the issue by changing my vpn pool assignment and network object from 10.10.10.0 255.255.255.0 network to 192.168.2.0 255.255.255.0. Not completely sure what I was missing the other way in the ASA but it is working now.

I also made the changes mentioned by the earlier post as well ...
0
 

Author Closing Comment

by:MERC-CS
ID: 39623804
his solution did not work until I made the final changes
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question