Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
5
Helpful
4
Replies

Unable to access internet using Anyconnect client

Go to solution
mahesh18
Level 6
Level 6

‎01-26-2014 06:05 PM - edited ‎03-11-2019 08:36 PM

Hi Everyone,

I have config both anyconnect and RA split tunnel VPN on the ASA.

When using anyconnect client i can connect to Inside network fine but can not access internet sites.

I have this ACL to allow only 10.0.0.0  subnet traffic via Anyconnect client.

Internet traffic should not be using anyconnect tunnel.

access-list just-10 line 1 remark ACL to only  Allow 10.0.0.0/24 through Tunnel

access-list just-10 line 2 standard permit 10.0.0.0 255.255.255.0 (hitcnt=0) 0xb8dcdb54

Regards

MAhesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mahesh18

‎01-27-2014 12:45 AM

Hi,

If you are seeing this traffic on the ASA then it means this traffic is tunneled to the ASA through the VPN connection as you can see from the log message.

If would still like to see some configirations to rule out possible problems on the ASA

show run username anyconnect_user

show run tunnel-group

show run group-policy

Naturally use the "tunnel-group" and "group-policy" names that your connection uses.

There are some DNS related settings with SSL VPN but to my understanding with the currently given information it should not affect your situation.

- Jouni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
mahesh18
Level 6
Level 6

‎01-26-2014 06:22 PM

Hi,

also when i open to access any internet website log shows

Jan 26 2014 19:18:39: %ASA-6-302016: Teardown UDP connection 55050 for outside:10.0.0.51/52176(LOCAL\anyconnect_user) to outside:64.59.144.19/53 duration 0:00:00 bytes 0 (anyconnect_user)

Where 10.0.0.51 is VPN Client IP.

Also when i do nslookup to google.ca

it shows DNS request time out

Where DNS server IP is 64.59.144.19

Regards

MAhesh

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mahesh18

‎01-27-2014 12:45 AM

Hi,

If you are seeing this traffic on the ASA then it means this traffic is tunneled to the ASA through the VPN connection as you can see from the log message.

If would still like to see some configirations to rule out possible problems on the ASA

show run username anyconnect_user

show run tunnel-group

show run group-policy

Naturally use the "tunnel-group" and "group-policy" names that your connection uses.

There are some DNS related settings with SSL VPN but to my understanding with the currently given information it should not affect your situation.

- Jouni

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to mahesh18

‎01-31-2014 10:39 AM

Hi Mahesh,

Were you able to determine the cause of this problem?

- Jouni

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Jouni Forss

‎01-31-2014 11:04 AM

Hi Jouni,

Issue was that i was using split tunneling and using ASDM i selected option allowed tunnel  and choose the option under IPV6 .

Once i choose under right field all was good.

Regards

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card