Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
4
Replies

site-to-site connection creation broke anyconnect access

jaz0nj4ckal
Level 1
Level 1

‎02-08-2012 07:18 PM - edited ‎02-21-2020 05:51 PM

ASA = 8.2(1)

ASDM = 6.2(1)

Folks:

Recently I used the wizard to create an IPsec site-to-site connection, which went very smoothly; however, I now noticed that when I connect via Anyconnect 2.5.0217 I cannot get to local and subnatted resources on the network.

I rolled back to saved config file, which was taken before the site-to-site vpn was created, but that did not work as well.

What should I check to see why I can no longer get to different subnets after the site-to-site vpn connection. In addition, I thought once the old config file was applied that would have solved all my issues.

Any sugguestions or comments are welcomed...unfortunately this client does not have a smartnet account so I can't upgrade any of the items yet.

Thank you.

Labels:
0 Helpful
4 Replies 4

ajay chauhan
Level 7
Level 7

‎02-09-2012 05:10 AM

Are you able to connect anyconnect VPN ? and network access does not work then i would say check nat exempt rules.

0 Helpful

jaz0nj4ckal
Level 1
Level 1
In response to ajay chauhan

‎02-09-2012 12:34 PM

That is correct. I am able to connect via the Anyconnect software, and I am able to PING network resources across my subnets; however, I am unable to use RPD (port: 3386) to connect to any of my servers.

I am not sure what would have changed in my NAT exempt rules, or know where to begin to look. I followed this tutorial http://www.youtube.com/watch?v=lGbsQJOxjsI

What should I look at in my ASDM? Would it be an issue with Default policy group? But I thought the Anyconnect SSL connection would not be effected since the two forms are under different categories, so the only thing I can think of, which is common between between the two is the Default Group Policy.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to jaz0nj4ckal

‎02-09-2012 03:44 PM

Hello,

Can you post your configuration, so we can take a look at this issue??

Regards.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jaz0nj4ckal
Level 1
Level 1
In response to Julio Carvajal

‎02-10-2012 05:20 AM

When I get to the site I will sanitize and upload the startup-config. I have to be honest, that I use the ASDM because I lack cli command knowledge, but I am working on it.

0 Helpful
Customers Also Viewed These Support Documents