New Member

Not able to ping default gateway after Cisco Client VPN connection on ASA 5505

I have configured Cisco Client VPN on Cisco ASA 5505 with Split-VPN and everything was working fine without any issue. After that I was trying to configure AnyConnect VPN by creating a self certificate like below.

corpasa(config)#crypto key generate rsa label sslvpnkey 
corpasa(config)#crypto ca trustpoint localtrust 
corpasa(config-ca-trustpoint)#enrollment self 
corpasa(config-ca-trustpoint)#fqdn www.xxxx.com 
corpasa(config-ca-trustpoint)#subject-name CN=xxxxxx.com 
corpasa(config-ca-trustpoint)#keypair sslvpnkey 
corpasa(config-ca-trustpoint)#crypto ca enroll localtrust noconfirm 
corpasa(config)# ssl trust-point localtrust outside

After configuration I got connected but was not able to browse the internet. Also I tried to configure Split-VPN for AnyConnect VPN. I tried to ping the default gateway and LAN clients' IP addresses but they were not pingable. I thought something was wrong with the AnyConnect VPN configuration and it is a live firewall, so I deleted all configuration related to AnyConnect. Still I am not able to ping any LAN IP addresses after connecting through Cisco Client VPN. Please help. I am thinking something went wrong after creating the self certificate.

2 REPLIES
Hall of Fame Super Silver

The certificate should not affect the split tunneling setup.

Can you please provide the configuration or at least the output of "show run group-policy"?

We would normally expect to see a couple of lines like:

 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_tunnellist

...under the group-policy. "vpn_tunnellist" in my example is an access-list with that name that specifies the remote networks your VPN client should be able to access over the VPN.
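
One way to check for the two lines the reply describes in a saved "show run" capture, as an added example that is not part of the original thread. The function name, group-policy names and sample configuration are constructed for illustration, and the input is assumed to include the access-list lines as well as the group-policy section.

```python
import re

# Constructed sample of ASA running-config lines (not taken from the thread).
SAMPLE_CONFIG = """\
access-list vpn_tunnellist standard permit 192.168.1.0 255.255.255.0
group-policy good_gp internal
group-policy good_gp attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_tunnellist
group-policy missing_acl_gp internal
group-policy missing_acl_gp attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value deleted_list
group-policy no_split_gp internal
group-policy no_split_gp attributes
 dns-server value 192.168.1.10
"""

def audit_split_tunnel(config: str) -> dict:
    """Return {group_policy: [findings]}; an empty list means both lines are present and consistent."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    policies = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) (internal|external|attributes)\b", line)
        if m:
            current = policies.setdefault(m.group(1), {})
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the group-policy sub-mode
        if current is None:
            continue
        words = line.split()
        if words[:1] == ["split-tunnel-policy"] and len(words) == 2:
            current["policy"] = words[1]
        elif words[:2] == ["split-tunnel-network-list", "value"] and len(words) == 3:
            current["acl"] = words[2]
    report = {}
    for name, gp in policies.items():
        findings = []
        if gp.get("policy") != "tunnelspecified":
            # "unset" means the attribute is not set in this group-policy itself
            findings.append("split-tunnel-policy is not tunnelspecified (%s)" % gp.get("policy", "unset"))
        if "acl" not in gp:
            findings.append("no split-tunnel-network-list")
        elif gp["acl"] not in acls:
            findings.append("network list %r has no access-list entries" % gp["acl"])
        report[name] = findings
    return report
```

A group-policy that references a list name with no matching access-list entries is the kind of leftover that can appear after related configuration has been deleted and re-entered on a live firewall.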

New Member

I deleted the AnyConnect VPN configuration and reconfigured Cisco Client VPN, and now Client VPN is working fine, but I did not try to configure AnyConnect VPN without any proper license.
