Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to establish TCP/IP sessions to some systems over AnyConnect VPN

While the IPSec VPN works completely fine, the AnyConnect VPN has issues establishing TCP/IP sessions with some of the servers on the network.

When connected using the SLL based AnyConenct VPN client, I am able to ping all the systems. However, I can only net view \\hostname into a subset of my systems. The issue is not related to NetBIOS name resolution. The WINS is working fine. I am unable to even net view \\IP_Address. Also, note that IPSec clients work fine and thus I am assuming it is the SSL protocol that is being filtered out.

The strage part is that I can connect to a different set of servers with each VPN session. It isn't always the same servers that work or don't work. Since the problem is seen with different systems with different VPN sessions, it is hard to diagnose.

Here is how far I am -

Packet capturing at the firewall (ASA 5510), Core switches (Catalyst 4500) and the servers show that the SSL packets are only going one way. There is nothing coming the other way. The switches are configured to redirect all traffic for all VLANs to the WAAS. This seems to be an issue with the WAAS WAE device. When I remove the 'ip wccp redirect' commands for all the VLANs, the issue is resolved. I do not see any problems with my VPN.

New Member

Re: Unable to estable TCP/IP sessions to some systems over AnyCo

I also tried to disable SSL accelerator on the WAE but that does not resolve the issue.

FYI, we are not using hte webVPN but the SSL client to establish VPN connection.