
ASA - No Access to Hosts in DMZ using SSL Anyconnect VPN Client

Hi Community,

I have an issue whereby we are unable to access any hosts in the DMZ (192.168.22.0/24) when using the SSL Anyconnect VPN client.  I suspect an ACL issue somewhere?


On the ASA I found this setting:

Configuration
    --->Remote Access VPN
        --->Network Client Access
            --->Group Policies
                For each Group we have---> Manage IPV4 filter
                    
This is where I see Std ACL with some entries

    Split_Tunnel

        192.168.0.0/16
        
    VPN_Routes
        192.20.3.0/24


Can anyone advise if I just add the DMZ (192.168.22.0/24) Subnet to the Split_Tunnel Std ACL? 

 

Thank you.

2 REPLIES
There is not much point in adding 192.168.22.0/24 to the split tunnel ACL because it is already included in 192.168.0.0/16. It might be helpful to add 192.168.22.0 to the VPN_Routes ACL. Can you tell us what is 192.20.3.0/24 that is currently specified in that ACL?

 

Can you verify that devices in the DMZ have a route to the address pool for VPN?

 

HTH

 

Rick
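
The coverage point in the reply above can be checked mechanically. This is an added example, not part of the original thread: it parses standard ACL lines and reports which entries already contain a given subnet. The `access-list` lines are constructed here in ASA CLI form from the values shown in the question, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two standard ACLs from the question, written as
# ASA CLI lines (assumed rendering of the entries shown in ASDM).
SAMPLE_CONFIG = """\
access-list Split_Tunnel standard permit 192.168.0.0 255.255.0.0
access-list VPN_Routes standard permit 192.20.3.0 255.255.255.0
"""

# Matches "standard permit <addr> <mask>" and "standard permit host <addr>".
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+standard\s+permit\s+"
    r"(?:host\s+(\S+)|(\S+)\s+(\S+))\s*$"
)


def parse_standard_acls(config):
    """Return {acl_name: [IPv4Network, ...]} for 'standard permit' entries."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # remarks, deny lines, 'any' and extended ACLs are skipped
        name, host, addr, mask = m.groups()
        spec = f"{host}/32" if host else f"{addr}/{mask}"
        # strict=False tolerates host bits set in the address field
        acls.setdefault(name, []).append(ipaddress.ip_network(spec, strict=False))
    return acls


def covering_entries(acls, acl_name, target):
    """Entries of acl_name that already contain the target subnet."""
    target_net = ipaddress.ip_network(target)
    return [n for n in acls.get(acl_name, []) if target_net.subnet_of(n)]


if __name__ == "__main__":
    acls = parse_standard_acls(SAMPLE_CONFIG)
    for name in acls:
        hits = covering_entries(acls, name, "192.168.22.0/24")
        status = f"covered by {hits[0]}" if hits else "not covered"
        print(f"{name}: DMZ 192.168.22.0/24 is {status}")
```

An empty result for an ACL means the DMZ subnet is not matched by it; a non-empty result means adding 192.168.22.0/24 to that ACL would be redundant.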

Make sure your VPN traffic is NAT exempted.
