Unable to establish TCP/IP sessions to some systems over AnyConnect VPN

Unanswered Question
Jan 14th, 2010

While the IPSec VPN works completely fine, the AnyConnect VPN has issues establishing TCP/IP sessions with some of the servers on the network.

When connected using the SSL based AnyConnect VPN client, I am able to ping all the systems. However, I can only net view \\hostname into a subset of my systems. The issue is not related to NetBIOS name resolution. The WINS is working fine. I am unable to even net view \\IP_Address. Also, note that IPSec clients work fine and thus I am assuming it is the SSL protocol that is being filtered out.

The strange part is that I can connect to a different set of servers with each VPN session. It isn't always the same servers that work or don't work. Since the problem is seen with different systems with different VPN sessions, it is hard to diagnose.

Here is how far I am -

Packet capturing at the firewall (ASA 5510), Core switches (Catalyst 4500) and the servers show that the SSL packets are only going one way. There is nothing coming the other way. The switches are configured to redirect all traffic for all VLANs to the WAAS. This seems to be an issue with the WAAS WAE device. When I remove the 'ip wccp redirect' commands for all the VLANs, the issue is resolved. I do not see any problems with my VPN.

gbihari123 Thu, 01/14/2010 - 08:42

I also tried to disable SSL accelerator on the WAE but that does not resolve the issue.

FYI, we are not using the webVPN but the SSL client to establish VPN connection.

