AnyConnect client can't ping IOS webvpn

michael.maciag · ‎10-11-2008

I've setup webvpn on a 3825 and AnyConnect clients can connect and check for updates but none can reach any addresses on the internal network. The IP addresses they are issued are not pingable from the router. I'm a bit of a novice but I've checked all of the support articles and can't seem to figure out what I've done wrong. Any pointers would be appreciated.

3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(20)T

Marwan ALshawi · ‎10-11-2008

do u have the nat emption configured correctly

u need to have a deny staement in ur nat ACL should be first line which deny any ip traffic from ur internal LAN to the IP address pool of the anyconnect

this will exmpt the returne traffic to vpnuseres from being nated

good luck

if helpful Rate

michael.maciag · ‎10-14-2008

I've done some homework on nat exemptions and I think I set them up correctly but maybe not. I still can't ping from the client to the internal network nor from the internal network to the assigned client pool ip.

I've attached my configuration and output from a debug of the ping and nat. If someone can make any more suggestions they would be appreciated.

michael.maciag · ‎10-15-2008

I wanted to post a final update. I found my error. WebVPN on my 3825 is now working as expected. It was a routing issue unrelated to the WebVPN setup.