Thanks for the reply. The ip addresses the vpn users receive can reach the website via its internal ip. No ACLs are currently used. I do see that when connected via AnyConnect no default gateway is listed on the pc, not sure if that means anything.

One workaround i found, but dont like, is to add a hosts file mapping to the public website and also check the "allow local lan access" option in the AnyConnect client software.

If you need the config I can send it after cleaning it up a bit.

Matt

 

 You said: "..Users who connect using AnyConnect cannot get to our corporate public website"

 But then you say: "... The ip addresses the vpn users receive can reach the website via its internal ip"

 

 

 They are able to reach through the internal network but dont through the public IP address?  Why you want then to reach thought the public access? 

 The problem of client VPN reach website using your public IP address is the hairpinning problem, when the packet need to enter and leave the same firewall interface.

 Will be much more easy if they can go internal.

 

 

-If I helped you somehow, please, rate it as useful.-

To clarify, if a user was to use the ip they receive through the vpn, on their desktop at work, they can get to the corporate website via the standard URL. However, when connecting through the VPN on their personal machines, they cannot get there using the standard URL. There is only the standard URL. Our website admins and networking teams must have implemented a way for internal users to get to the site without the traffic leaving the LAN. I am not sure why this doesn't work when connected via the vpn, which uses an address pool on the same subnet as internal desktops.

I worked with the TAC on this and we added a public DNS address in front of our internal DNS server, which resolved the issue.