06-04-2010 04:39 AM - edited 02-21-2020 04:40 PM
Hi
I've configured SSL VPN access to my ASA 5510 (using the AnyConnect client). I can establish the tunnel to the ASA without any problems, but can't access any devices on the internal network. I've checked all the normal issues like no-NAT and split tunnel ACLs, but they all look good to me.
Please find the config attached, I would be most grateful if someone could point me in the right direction.
Kind Regards
Terry
06-04-2010 04:43 AM
The split tunnel ACL should be a standard ACL instead of an extended ACL.
The split tunnel behaviour changed from ASA version 7.x onwards.
It should be as follows:
access-list SSL_Anyconnect_Split standard permit 192.168.1.0 255.255.255.0
If you were testing with ping, you might also want to add the following:
policy-map global_policy
 class inspection_default
  inspect icmp
Everything else looks good. Hope that helps.
06-04-2010 05:01 AM
Hi, thanks for your response, but unfortunately I'm still seeing the same issue.
One thing to mention is that when the end client is connected and I issue the ipconfig /all command, I don't see a default gateway listed for the AnyConnect client - does this sound right?
Regards
Terry
06-04-2010 05:08 AM
Can you please enable the following:
management-access inside
And see if you can ping the ASA inside interface (192.168.1.254).
Please also share the output of "show vpn-sessiondb svc"
06-04-2010 06:18 AM
06-04-2010 06:24 AM
Just rechecking the ASA configuration: you don't seem to have a default route configured, or have you removed it from the config?
Further to that, what IP address are you trying to access, and how are you testing the connectivity? Ping? RDP? Telnet? Or others?
If you are trying to ping an internal host, is the internal host's default gateway the ASA inside interface?
Lastly, try disabling the firewall on the host, as sometimes it won't accept inbound connections from different subnets.
06-08-2010 12:28 PM
Hi
I was running this in a lab environment using an ASA and VMware Server; it turned out that the problem was with the VM setup rather than the ASA.
Thanks for all your help on this, you helped point me in the right direction.
Kind Regards
Terry