one way ping router anyconnect

Unanswered Question
Aug 12th, 2013

Hello,

There is an issue with my AnyConnect.

I have a 2801-SEC router and I am trying to configure an AnyConnect remote access VPN.

The client can connect to my router, it obtains an IP and everything is good. The client can ping everything in my LAN, including the IP addresses of the router's local interfaces. But the router cannot ping the remote client. I think because of this there is no voice through the VPN tunnel between the Cisco router's CME and the SIP softphone on my Samsung's IPAD:)

Here is config:


!
interface Loopback100
 ip address 192.168.150.99 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
!
interface FastEthernet0/0.1
 description TRUNK_TO_DATA_VLAN
 bandwidth 20000
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1
 description WAN
 ip address **.79.***.78 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip nat inside source list SSL interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 **.79.***.73
!
ip access-list extended SSL
 permit ip any any
!
!
webvpn gateway gateway_1
 ip address **.79.***.78 port 443
 http-redirect port 80
 ssl trustpoint LTK_ROUTER_Certificate
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.5.3046-k9.pkg sequence 1
!
webvpn context SSL_LTK
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "SSL_pool"
   svc keep-client-installed
   svc split include 192.168.200.0 255.255.255.0
   svc split include 192.168.100.0 255.255.255.0
 default-group-policy policy_1
 gateway gateway_1
 inservice
!
end




Thank you for your help

Peter Koltl Sat, 09/14/2013 - 12:49

I think you should add a route-map to NAT to exclude the LAN-to-Anyconnect traffic from NAT.
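
The NAT exemption suggested in the reply above, sketched as an added example (not from the original thread or its participants). `<SSL_POOL_NET>` and `<SSL_POOL_WILDCARD>` are placeholders for the "SSL_pool" range, which the posted config does not show; the ACL and route-map names are hypothetical, and the two inside networks are taken from the split-include list.

```cisco
! Added example: exempt LAN-to-AnyConnect traffic from PAT.
! <SSL_POOL_NET> <SSL_POOL_WILDCARD> = placeholder for the SSL_pool range
! (not shown in the posted config). NAT_EXEMPT_SSL and NAT_OVERLOAD are
! hypothetical names.
!
! Replaces the "permit ip any any" ACL: traffic from the inside networks
! to the VPN pool is denied (left untranslated), and only the named
! inside networks are translated on their way out of the WAN interface.
ip access-list extended NAT_EXEMPT_SSL
 deny   ip 192.168.100.0 0.0.0.255 <SSL_POOL_NET> <SSL_POOL_WILDCARD>
 deny   ip 192.168.200.0 0.0.0.255 <SSL_POOL_NET> <SSL_POOL_WILDCARD>
 permit ip 192.168.100.0 0.0.0.255 any
 permit ip 192.168.200.0 0.0.0.255 any
!
route-map NAT_OVERLOAD permit 10
 match ip address NAT_EXEMPT_SSL
!
! Swap the list-based rule from the posted config for the route-map rule.
no ip nat inside source list SSL interface FastEthernet0/1 overload
ip nat inside source route-map NAT_OVERLOAD interface FastEthernet0/1 overload
```

With this in place, `show ip nat translations` should list no entries whose destination falls inside the pool range.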
