cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3597
Views
0
Helpful
9
Replies

Url not working when connected with vpn with some users, others do??

MJonkers
Level 1
Level 1

Hi,

We use two ASA's 5550 and the anyconnect client to build up a vpn connection. When users are connected to the ASA's some users of the same policy cannot access www.zonmw.nl (nothing will be displayed), others can. When we disconnect vpn the site is accessable.

What could be the problem here, we tried everything.

Could someone else try, with his anyconnect vpn connection to try and connect to this site?

thx,

Marc

9 Replies 9

Jennifer Halim
Cisco Employee
Cisco Employee

1) Are you 100% sure that the user that connects via AnyConnect is assigned the same policy? Can you double check for both users (ie: the one that can connect to "www.zonmw.nl" and the user that can't) by issuing: show vpn-sessiondb svc filter name

2) Do you have split tunnel configured for the AnyConnect?

3) Just confirming that "www.zonmw.nl" is a webserver on the Internet, not hosted behind the ASA?

Hi,

1) Yep 100% the same, we use AD groups and we checked the radius server logs.

2) Split tunnel is not allowed in our policies

3) yes it's a webserver on the internet.

thx

Marc

User who can't access:

Session Type: SVC

Username     : xxx.xxxxx           Index        : 13441

Assigned IP  : 1XX.1XX.1XX.2XX        Public IP    : 1XX.XXX.XXX.XXX

Protocol     : Clientless SSL-Tunnel DTLS-Tunnel

License      : SSL VPN

Encryption   : RC4 AES256             Hashing      : SHA1

Bytes Tx     : 552209                 Bytes Rx     : 131830

Group Policy : ICTS-Netwerken         Tunnel Group : DefaultWEBVPNGroup

Login Time   : 13:31:19 CEDT Tue Apr 20 2010

Duration     : 0h:01m:40s

Inactivity   : 0h:00m:00s

NAC Result   : Unknown

VLAN Mapping : N/A                    VLAN         : none

User who can:

Session Type: SVC

Username     : zzzz.zzz       Index        : 22757

Assigned IP  : 1XXXXXXXX         Public IP    : XXXXXXXXX

Protocol     : Clientless SSL-Tunnel DTLS-Tunnel

License      : SSL VPN

Encryption   : RC4 AES256             Hashing      : SHA1

Bytes Tx     : 2035733                Bytes Rx     : 644081

Group Policy : ICTS-Netwerken         Tunnel Group : DefaultWEBVPNGroup

Login Time   : 13:32:45 CEDT Tue Apr 20 2010

Duration     : 0h:03m:03s

Inactivity   : 0h:00m:00s

NAC Result   : Unknown

VLAN Mapping : N/A                    VLAN         : none

Thanks. Looks exactly the same.

I notice however that both users are using DTLS (UDP/443) for the AnyConnect connection, and when i try to browse to that website, it seems to be a little bit slow to respond. For the user who can't connect to that website, can you try to force it to connect via TLS (TCP/443) and try if the user can browse to that website?

Hi,

Ok tried that no luck, still not displaying the website.

thx,

Marc

___________________________________________________________________________________________________________________________

Session Type: SVC

Username     : xxxxxxx          Index        : 22767

Assigned IP  : xxxxxxxxxxxx        Public IP    : xxxxxxxxxxxxx

Protocol     : Clientless SSL-Tunnel

License      : SSL VPN

Encryption   : RC4 AES256             Hashing      : SHA1

Bytes Tx     : 891388                 Bytes Rx     : 107493

Group Policy : ICTS-Netwerken         Tunnel Group : DefaultWEBVPNGroup

Login Time   : 13:46:28 CEDT Tue Apr 20 2010

Duration     : 0h:02m:43s

Inactivity   : 0h:00m:00s

NAC Result   : Unknown

VLAN Mapping : N/A                    VLAN      

When we wait we see this displayed in the browser:

Error 101 (net::ERR_CONNECTION_RESET): Unknown error.

If the user where it works, logs in with vpn on the pc of the user where it doesn't work, it also doesn't work for him.

Same ISP connection or different ISP connection?

Same ISP, but also tried other ISP's the same result. Looks like a problem on the workstations where it does not work.

But there are many, workstations and laptops of the company but also home computers. Very strange this .....

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: