AnyConnect SSL inside IPSEC tunnel

anlyakho · ‎09-13-2010

We have internal VPN cluster based on 2 ASA-5520.

From inside Cisco networks everything is fine MAC and Windows AnyConnect clients (v2.5 or v3.0) can connect to it.

From otside:

MAC with IPSEC client v4.9 nad AnyConnect v2.5 and 3.0 works fine

Windows IPSEC client v4.9 or v5.0 and any version of AnyConnect can establish connection but failed to do routing.

Federico Coto Fajardo · ‎09-14-2010

Hi,

You have some combinations here:

IPsec for windows and MAC

SSL for windows and MAC

The problem that you report is with the windows IPsec client connecting but not routing properly?

Are the windows IPsec clients using the same pool used by the MAC IPsec clients for example?

Check the following:

With the command: management-access inside

See if you can PING the internal IP of the ASA from the windows IPsec clients.

If it works but still cannot PING the internal network, we can check things like split-tunneling, default-gateway of the internal LAN or something else causing problems in the configuration.

Federico.

anlyakho · ‎09-14-2010

________ _______________________ _________________

| | | | | |

|________| |______________________| |________________|

Here is connection diagram.

Federico Coto Fajardo · ‎09-14-2010

Andy,

Now the post the diagram, can you explain the problem in more detail?

Federico.