I have an ASA 5550 (actually a FO pair) running 8.2(5) with AnyConnect
anyconnect-win-2.5.3046-k9.pkg client (this is at https://sslvpn.tau.ac.il). We run with split tunnel. This setup usually work, One of our users (on a Windows 7 machine) was using USC (probably http://sslvpn.usc.edu). When trying to access our service, the session is being terminated once the user tries to access a resource thru the tunnel with "
The VPN connection was terminated due to a system routing table modification and could not be automatically re-established. A new connection is necessary, which requires re-authentication.". Restarting the session doesn't help. I also asked the user to uninstall the AC client and see if that helps.
If I understand it right, the user is trying to access a second service while already logged in via the first. If so, it further sounds as if the two VPNs have incompatible (i.e., overlapping) routes being pushed down to the client. As soon as the second one comes up, it breaks the routing being propogated and expected by the first one.
If that is indeed the case, they will not be able to access both VPNs at the same time even if otherwise allowed by policy.
Actually, I made sure that the user is trying to access only TAU VPN and that the USC session is disconnected. I also asked him to reboot his PC and even to uninstall the AC client just to make sure my AC code will get installed. There might be some other things that the USC client left behind, but I am not sure what or how to get it removed. It might be that the USC client is older and I am not sure if they do split tunnel or not, but I cannot really tell because it is not my installation.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...