AnyConnect SSL inside IPSEC tunnel

Sep 13th, 2010
We have an internal VPN cluster based on 2 ASA-5520.

From inside Cisco networks everything is fine: Mac and Windows AnyConnect clients (v2.5 or v3.0) can connect to it.

From outside:

Mac with IPSEC client v4.9 and AnyConnect v2.5 and 3.0 work fine.

Windows IPSEC client v4.9 or v5.0 and any version of AnyConnect can establish a connection but fail to do routing.

Federico Coto F... Tue, 09/14/2010 - 08:25
You have some combinations here:

IPsec for Windows and Mac

SSL for Windows and Mac

The problem that you report is with the Windows IPsec client connecting but not routing properly?

Are the Windows IPsec clients using the same pool used by the Mac IPsec clients, for example?

Check the following:

With the command: management-access inside

See if you can PING the internal IP of the ASA from the Windows IPsec clients.

If it works but still cannot PING the internal network, we can check things like split-tunneling, default-gateway of the internal LAN or something else causing problems in the configuration.


anlyakho Tue, 09/14/2010 - 10:32
 ________                ______________________            ________________
|        |              |                      |          |                |
|Client  |---IPSEC----->|IPSEC VPN Concentrator|---SSL--->|SSL VPN Cluster |
|________|              |______________________|          |________________|

Here is the connection diagram.

Federico Coto F... Tue, 09/14/2010 - 11:48
Now that you posted the diagram, can you explain the problem in more detail?


