Cisco Support Community

New Member

SSH through AnyConnect VPN

ASA 5505, software version 9.1(2)

Clients are using AnyConnect Secure Mobility Client v3.1.03103.

Clients have no issues connecting to VPN, but they use a terminal emulator program to access some online systems and it will not connect over VPN.

The terminal emulator uses SSH to establish connectivity.

On the local network, the SSH connection happens without any issue.

Over VPN through AnyConnect, I cannot see the traffic via Wireshark and I get network timeouts/disconnect from the terminal emulator.

Under the ACL Manager, I have one for the outside_access_in that permits SSH from the RemoteHost to any, so I am not sure where to go with this.

If anyone has any ideas on what to check it would be greatly appreciated.

3 REPLIES
Hall of Fame Super Silver

SSH through AnyConnect VPN

You should not normally need the outside_access_in ACL with a remote access VPN as the default is to bypass access-lists for VPN connections.

Is your connection profile routing the networks (where the servers live) properly to your client?

New Member

SSH through AnyConnect VPN

Marvin,

You are correct, "Bypass interface access lists for inbound VPN sessions" is enabled.

Connection profile appears to be correct.

SSH through AnyConnect VPN

As mentioned before the access-group is not required.

Now:

1- Check split-tunneling.

2- Check NAT rules.

3- Place packet-capture on the inside interface of the ASA (if the above is correct).

4- Check ASP drops.

5- Run a packet-tracer.

With this troubleshooting you should have a better idea of what the issue is.

HTH.
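
The five checks listed in the reply above, written out as ASA CLI commands. This is an added example, not part of the original reply; the VPN pool, client and server addresses and the capture names are constructed, and the interface names `inside` and `outside` are assumed.

```cisco
! Constructed values: VPN pool 10.10.10.0/24, client 10.10.10.5,
! SSH server 192.168.1.20, interfaces named inside/outside.

! Find the address the AnyConnect client was assigned
show vpn-sessiondb anyconnect

! 1- Split tunneling: the policy and the ACL it references. With
!    "tunnelspecified", the SSH server's network must be in that ACL.
show running-config group-policy
show running-config access-list

! 2- NAT: look for an identity (exemption) rule between the inside
!    network and the VPN pool, listed ahead of any dynamic PAT rule.
show running-config nat
show nat detail

! 3- Capture SSH between the client and the server on the inside
!    interface, reproduce the connection, then read the capture.
capture capin interface inside match tcp host 10.10.10.5 host 192.168.1.20 eq 22
show capture capin
no capture capin

! 4- ASP drops: clear the counters, reproduce, then see which drop
!    reason incremented and which packets hit it.
clear asp drop
capture asp type asp-drop all
show asp drop
show capture asp | include 10.10.10.5
no capture asp

! 5- Packet-tracer, run from the server side toward the client address
!    to check route lookup and NAT for the return traffic.
packet-tracer input inside tcp 192.168.1.20 22 10.10.10.5 50000 detailed
```

If the inside capture shows the client's SYN leaving but no SYN-ACK coming back, the ASA is forwarding and the problem is on the server side or its return route to the VPN pool. The trace in step 5 starts on the inside because packet-tracer injects a cleartext packet, so a trace entered on the outside interface does not model traffic arriving through the tunnel.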
