  #1  
Old 23-07-2011
Member
 
Join Date: May 2011
Posts: 1,927
How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

I've been trying to establish an SSL VPN for remote customer connectivity with AnyConnect. I configured everything needed: I can connect to the VPN page, download the client, establish connectivity, and get an internal IP address. But I cannot ping any internal (and, of course, any external) IP address. Can you guess what might be wrong? If anybody has gone through the same problem and knows how to fix it, then do let me know.
  #2  
Old 23-07-2011
Member
 
Join Date: Jun 2009
Posts: 1,205
Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

Code:
!
hostname xxxxx
!
interface GigabitEthernet0/0
speed 1000
duplex full
nameif outside
security-level 0
ip address xx.xx.190.66 255.255.255.192 
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.137.1.1 255.255.255.0 
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!

access-list global_access extended permit ip object All_Subnets interface outside 
access-list inside_access_in extended permit ip any any 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any object WRKCAPP 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object DTEXC01 
access-list outside_access_in extended permit ip any object DTEXC01-hide 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any object BIZDESKAPP 
access-list outside_access_in extended permit tcp any object dtproject eq www 
access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1 
access-list outside_access_in remark xxxxxxxxxx
access-list outside_access_in extended permit udp object marsan_vpn any 
pager lines 24
logging enable
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool test_pool 10.137.6.230-10.137.6.235 mask 255.255.255.0
no failover
  #3  
Old 23-07-2011
Member
 
Join Date: Nov 2008
Posts: 1,066
Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

First, it affects traffic from any interface destined to the external interface, so traffic from anything inside will be (i.e., traffic from inside the pool for VPN). Second, it is a static NAT that does not really do any translation. The twice NAT syntax specifies the real addresses and the assigned addresses on the same line, which is why in this command VPN_POOL and All_Subnets are only repeated. If so, for
Code:
nat (any,outside) source static All_Subnets EXAMPLE_SUBNET destination static VPN_POOL
static NAT would translate All_Subnets to the addresses in EXAMPLE_SUBNET for those destined to VPN_POOL. Or, if it looked like this:
Code:
nat (any,outside) source static All_Subnets destination static EXAMPLE_SUBNET
  #4  
Old 23-07-2011
Member
 
Join Date: Jun 2009
Posts: 1,108
Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

I have been able to send echo requests, that is, to the devices within the network, but on their way back to the remote client. Were n (p) attend to the direction of the external interface. This was causing problems, I guess. My understanding of the command at the top is this: if a packet from the "All_Subnets" block on "any" interface is intended for VPN_POOL on the outside (going away from the network), do a static NAT to the same block (All_Subnets), which means no NAT at all. And do not translate the destination address within the VPN_POOL subnet, which yet again means nothing extraordinary.
  #5  
Old 23-07-2011
Member
 
Join Date: Jun 2009
Posts: 908
Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

My local pool:
Code:
Result of the command: "sh ip local pool test_pool"
Begin           End             Mask            Free     Held     In use
10.137.6.230    10.137.6.235    255.255.255.0       6        0        0
Available Addresses:
10.137.6.230
10.137.6.231
10.137.6.232
10.137.6.233
10.137.6.234
10.137.6.235
  #6  
Old 23-07-2011
Members
 
Join Date: Mar 2010
Posts: 219
Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

The idea was to exempt it from NAT; it does not match the subnet. For example, for RA virtual private networks of this type, you must choose a fully independent IP pool for the VPN clients, then enter the NAT statement to match the pool. If you have an overlap with an existing pool, just get rid of the existing pool, create a new one, enter the NAT statement for it, and bind it to the new tunnel groups that need it.
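The advice in post #6 to keep the VPN client pool independent of existing subnets can be checked mechanically before the NAT exemption is written. The following is an added example, not code from any poster in this thread: it parses ASA-style `ip local pool`, interface `ip address` and `object network ... subnet` lines and reports which networks each pool overlaps. The `INTERNAL_LAN` object and `clean_pool` are constructed for illustration, since the thread does not show what `All_Subnets` contains.

```python
import ipaddress
import re

# Constructed sample: the inside interface and test_pool lines come from the thread;
# INTERNAL_LAN and clean_pool are hypothetical, added to show both outcomes.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 10.137.1.1 255.255.255.0
!
object network INTERNAL_LAN
 subnet 10.137.6.0 255.255.255.0
!
ip local pool test_pool 10.137.6.230-10.137.6.235 mask 255.255.255.0
ip local pool clean_pool 10.137.250.10-10.137.250.20 mask 255.255.255.0
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)(?: mask \S+)?\s*$")
NET_RE = re.compile(r"^\s*(?:ip address|subnet) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$")

def parse(config):
    """Return (pools, networks) found in an ASA-style config excerpt."""
    pools, networks = {}, []
    for line in config.splitlines():
        m = POOL_RE.match(line)
        if m:
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
            continue
        m = NET_RE.match(line)
        if m:
            # strict=False: an interface address is a host inside its subnet
            networks.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return pools, networks

def pool_overlaps(config):
    """Map each pool name to the parsed networks its address range touches."""
    pools, networks = parse(config)
    result = {}
    for name, (first, last) in pools.items():
        ranges = list(ipaddress.summarize_address_range(first, last))
        result[name] = [str(n) for n in networks
                        if any(r.overlaps(n) for r in ranges)]
    return result

if __name__ == "__main__":
    for name, hits in pool_overlaps(SAMPLE_CONFIG).items():
        print(name, "overlaps" if hits else "is independent of", hits or "all parsed networks")
```

A pool that reports an overlap is a candidate for replacement with a dedicated range, as post #6 describes, before the matching NAT statement is entered.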