• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 693
  • Last Modified:

CISCO AnyConnect VPN Users Can't Ping or RDP into Each Other

Our users can ping other site-to-site VPN's on different subnets but can't ping each other on the same subnet.
1 Solution
This comes down to NAT rules most likely. Most nat exemptions include where all the remote access clients can go such as subnets at the main sites and other remote sites, but rarely do they include (or need) to allow RA clients to communicate directly with other RA clients. There is an increasing need when it comes to remote telephony users.

Anyway, you need to add in a nat exemption to allow traffic to/from the RAVPN subnet, and also make sure that the subnet is included in the split tunnel if a split tunnel is used.

RA Clients receive IP's in the range of 192.168.255.x/24

object net SUBNET-

!add the RAVPN subnet to the existing split tunnel ACL
access-list splittunnel standard permit

nat (any,any) source static SUBNET- SUBNET- destination static SUBNET- SUBNET- no-proxy-arp

All things depending on your rules, using (any,any) might be great or it may cause problems. If it causes problems, just be more specific and use (outside,outside) or whatever the name of the internet that VPN users connect to is called.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now