Cisco Support Community

New Member

Anyconnect Clients Cannot Communicate with each other

I have an issue that I've been pulling my hair out on.....my telecommuters connect to our corp. network via an AnyConnect VPN connection (version 3.1) to a Cisco ASA5520. I do not have split tunneling enabled for this profile so all traffic should traverse the tunnel and all clients are in the same L3 subnet...as far as their VPN IP address goes. The problem is the telecommuter PCs cannot communicate with each other (pings/RDP/etc.). When watching the log I can see traffic sourced from one destined for another, nothing is getting denied, but they do not communicate. From my corp. network I can communicate with both Anyconnect PCs fine. When I go to Monitoring | Routes in ASDM I can see each host that is connected to the ASA via Anyconnect, and the gateway for each is the default gateway of the ASA.

Am I missing some setting in the VPN profile that is preventing access between these hosts? I would think something would show up in the log....

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

Have you enabled hairpinning and also a NAT exemption between the AnyConnect users?

same-security-traffic permit intra-interface
object network AnyConnect_users
 subnet
nat (outside,outside) source static AnyConnect_users AnyConnect_users destination static AnyConnect_users AnyConnect_users

If this doesn't sort out your issue, please post a full sanitized configuration of your ASA.

--

Please remember to rate and select a correct answer
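
Added example (not part of the original posts and not Cisco tooling): a small Python check that reads a saved ASA running-config and reports whether the two settings from the answer above, the intra-interface permit and the same-interface identity NAT for the VPN pool object, are present. The sample config, its 192.0.2.0/24 pool subnet and the function name audit_hairpin are constructed for illustration.

```python
import re

# Constructed sample running-config; the pool subnet is a documentation placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
same-security-traffic permit intra-interface
object network AnyConnect_users
 subnet 192.0.2.0 255.255.255.0
nat (outside,outside) source static AnyConnect_users AnyConnect_users destination static AnyConnect_users AnyConnect_users
"""

# Twice-NAT line: nat (src_if,dst_if) source static A B destination static C D
NAT_RE = re.compile(
    r"^nat \((?P<src_if>[^,]+),(?P<dst_if>[^)]+)\) source static (?P<real>\S+) (?P<mapped>\S+)"
    r" destination static (?P<dreal>\S+) (?P<dmapped>\S+)")


def audit_hairpin(config: str, pool_object: str) -> dict:
    """Report the client-to-client (hairpin) settings found for pool_object."""
    result = {"intra_interface": False, "pool_subnet": None,
              "hairpin_nat_interfaces": []}
    current_object = None  # name of the object block we are inside, if any
    for line in config.splitlines():
        line = line.rstrip()
        stripped = line.strip()
        # Exact match, so the inter-interface variant is not mistaken for it.
        if stripped == "same-security-traffic permit intra-interface":
            result["intra_interface"] = True
        if line.startswith("object network "):
            current_object = line.split()[2]
        elif line.startswith(" ") and current_object == pool_object:
            # A bare "subnet" with no address is treated as undefined.
            if stripped.startswith("subnet "):
                result["pool_subnet"] = stripped.split(None, 1)[1]
        elif not line.startswith(" "):
            current_object = None  # left the object block
        m = NAT_RE.match(line)
        # Identity NAT on one interface, with the pool as source and destination.
        if (m and m["src_if"] == m["dst_if"] and
                all(m[k] == pool_object for k in ("real", "mapped", "dreal", "dmapped"))):
            result["hairpin_nat_interfaces"].append(m["src_if"])
    return result


if __name__ == "__main__":
    print(audit_hairpin(SAMPLE_CONFIG, "AnyConnect_users"))
```

When intra_interface is true, VPN clients in the pool can reach each other through the ASA, so the result is also useful for reviewing which devices allow client-to-client traffic.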
3 REPLIES
New Member

Thanks for the reply Marius! I fixed this by just running "same-security-traffic permit intra-interface" on the ASA, I did not need to add the hairpin natting.

Thanks for the help....Jeff

VIP Green

Glad you got it working!

Thank you for rating the post.
