I'm trying to set up an SSL VPN on our ASA 5510 using the Secure Mobility client. After working through several issues, I was able to get the test server to download and install the Linux client, and it says that it's connected. When I try to ping any server inside the LAN though, the first ping is replied to, and the rest time out. On the firewall I see a stream of errors like this:
Split tunneling seems to be working right; I can access the Internet still, but any attempt to reach a server in the LAN times out.
Now I had this working before with a Windows and a Mac client, but deleted that setup and (I thought) completely recreated it when I updated the AnyConnect images to include a Linux image. Now I get this same problem with all 3 platforms.
Can anyone advise me as to what I may be missing or what I can provide to diagnose the problem?
ASA is running v8.2(5)
I followed this guide to set it up: http://www.techrepublic.com/blog/data-center/eight-easy-steps-to-cisco-asa-remote-access-setup/
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 42436422, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_svc_ob_tunnel_flow
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_svc_ib_tunnel_flow
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
Now the packet from the VPN client to the server is denied by the default any any ip deny rule, but there is an any any accept rule in spot 1, so I am really confused as to why that is.