I have an ASA5505 on which I am running the latest IOS, and I have set up AnyConnect and downloaded the 90-day demo license for Mobility.
I am able to connect on the Windows platform fine and have full access and DNS but if I connect using the iPad I cannot connect to any resources in my network or even ping. The AnyConnect for Mobility Client seems to connect OK and shows a proper IP address from the VPN pool.
Any ideas as to what may cause this? Here is the config. (Note there is a legacy VPN (GorrillVpn) that will be removed once AnyConnect is working properly.)
switchport access vlan 2
ip address 10.0.0.1 255.255.255.0
ip address 126.96.36.199 255.255.255.248
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
object network obj-10.0.0.0
subnet 10.0.0.0 255.255.255.0
object network obj-172.16.1.0
subnet 172.16.1.0 255.255.255.0
object network obj-10.0.0.12
object network obj-10.0.0.10
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
access-list allow extended permit tcp any host 10.0.0.12 eq smtp
access-list allow extended permit tcp any host 10.0.0.12 eq pop3
access-list allow extended permit tcp any host 10.0.0.12 eq 3389
access-list allow extended permit tcp any host 10.0.0.12 eq www
access-list allow extended permit tcp any host 10.0.0.12 eq https
access-list allow extended permit tcp any host 188.8.131.52 eq 3389
access-list allow extended permit tcp any host 10.0.0.10 eq 3389
access-list 108 extended permit ip 10.0.0.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool test 172.16.1.1-172.16.1.255 mask 255.255.255.0
I too am having the same issue. Here is what I found to make it work, but I don't like the workaround. I found that my company network uses the 192.168.1.xxx IP scheme, and my user's iPad and home network are also 192.168.1.xxx, so anything he tries to connect to at work just won't flow over the VPN tunnel. Once I changed his home network router to 10.0.0.1, everything worked just fine. But the fact is most places he will travel to will likely have 192.168.1.xxx access points, as that is such a common IP scheme, so I'm trying to figure out a way around that. Anybody have any ideas, other than changing my company's internal IP scheme?
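The address overlap described in the reply above can be checked before a user travels. This is an added example, not part of the original thread: it reads `subnet` and `ip local pool` lines from an ASA config and reports which VPN-side networks collide with a client's local LAN. The function names are hypothetical, `ASA_CONFIG` is copied from the first post, and `REPLY_CONFIG` is constructed from the reply's description.

```python
import ipaddress
import re

# Lines copied from the configuration in the first post.
ASA_CONFIG = """\
object network obj-10.0.0.0
 subnet 10.0.0.0 255.255.255.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
ip local pool test 172.16.1.1-172.16.1.255 mask 255.255.255.0
"""

# Constructed sample matching the reply's scenario (object name is made up).
REPLY_CONFIG = """\
object network corp-lan
 subnet 192.168.1.0 255.255.255.0
"""

SUBNET_RE = re.compile(r"^\s*subnet (\S+) (\S+)\s*$", re.M)
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)\s*$", re.M)


def vpn_side_networks(config):
    """Collect networks reached through the tunnel: object subnets and VPN pools."""
    nets = set()
    for addr, mask in SUBNET_RE.findall(config):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        if net.prefixlen > 0:  # skip the 0.0.0.0/0 "any" objects
            nets.add(net)
    for _name, first, _last, mask in POOL_RE.findall(config):
        # The pool is written as a range; derive its network from the mask.
        nets.add(ipaddress.ip_network(f"{first}/{mask}", strict=False))
    return nets


def conflicts(client_lan, config):
    """Return the VPN-side networks that overlap the client's local LAN."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    return sorted(n for n in vpn_side_networks(config) if n.overlaps(lan))


if __name__ == "__main__":
    for lan, cfg in (("192.168.1.20/24", REPLY_CONFIG), ("192.168.1.20/24", ASA_CONFIG)):
        hits = [str(n) for n in conflicts(lan, cfg)]
        print(lan, "->", hits or "no overlap")
```

When the client's LAN overlaps a VPN-side network, the client treats those addresses as directly connected and traffic for them may never enter the tunnel, which matches the behaviour the reply reports.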