
Thread: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

  1. #1
    Join Date
    May 2011
    Posts
    1,932

    How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    I've been trying to establish an SSL VPN for remote customer connectivity with AnyConnect. I configured everything needed, and the client can connect to the VPN page, download the client, establish connectivity, and get an internal IP address. But you cannot ping any internal (and, of course, the external) IP address. Can you guess what might be wrong? If anybody has gone through the same problem and knows how to fix it, then do let me know.

  2. #2
    Join Date
    Jun 2009
    Posts
    1,205

    Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    Code:
    !
    hostname xxxxx
    !
    interface GigabitEthernet0/0
     speed 1000
     duplex full
     nameif outside
     security-level 0
     ip address xx.xx.190.66 255.255.255.192
    !
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 10.137.1.1 255.255.255.0
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    
    access-list global_access extended permit ip object All_Subnets interface outside 
    access-list inside_access_in extended permit ip any any 
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any object WRKCAPP 
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object DTEXC01 
    access-list outside_access_in extended permit ip any object DTEXC01-hide 
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any object BIZDESKAPP 
    access-list outside_access_in extended permit tcp any object dtproject eq www 
    access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1 
    access-list outside_access_in remark xxxxxxxxxx
    access-list outside_access_in extended permit udp object marsan_vpn any 
    pager lines 24
    logging enable
    logging asdm debugging
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool test_pool 10.137.6.230-10.137.6.235 mask 255.255.255.0
    no failover

  3. #3
    Join Date
    Nov 2008
    Posts
    1,066

    Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    First, it affects traffic from any interface destined to the external interface, so traffic from anything inside will be (i.e., traffic from inside the pool for VPN). Second, it is a static NAT that does not really do any translation. The twice NAT syntax specifies the real addresses and the assigned addresses on the same line, that is why this command only VPN_POOL All_Subnets and repeated. If so, for
    Code:
    nat (any,outside) source static All_Subnets EXAMPLE_SUBNET destination static VPN_POOL
    Static NAT would translate All_Subnets to the address in EXAMPLE_SUBNET for those destined to VPN_POOL. Or, if it looked like this:
    Code:
    nat (any,outside) source static All_Subnets destination static EXAMPLE_SUBNET

  4. #4
    Join Date
    Jun 2009
    Posts
    1,112

    Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    I have been able to send echo requests, that is, to the devices within the network, but on his way back to the remote client. Were n (p) attend to the direction of the external interface. This was causing problems, I guess. My understanding of the order at the top is this: If a packet of "All_Subnets" blocks "any" interface and is intended for the needs of VPN_POOL out (go away from the network the surrounded by), do a static NAT for the same block (All_Subnets), which means no NAT at all. And do not decipher the destination address in the midst of the subnet VPN_POOL, which yet again means nothing extraordinary.

  5. #5
    Join Date
    Jun 2009
    Posts
    909

    Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    My local pool:
    Code:
    Result of the command: "sh ip local pool test_pool"
    Begin           End             Mask            Free     Held     In use
    10.137.6.230    10.137.6.235    255.255.255.0       6        0        0
    Available Addresses:
    10.137.6.230
    10.137.6.231
    10.137.6.232
    10.137.6.233
    10.137.6.234
    10.137.6.235

  6. #6
    Join Date
    Mar 2010
    Posts
    219

    Re: How to set up a SSL VPN connection for remote connectivity with AnyConnect Client

    The idea was to exempt it from NAT does not match the subnet. For example, for virtual private networks of this type (RA), you must choose a fully independent set of IPs for the VPN clients, then enter the NAT statement to match the pool. If you have an overlap with an existing set, just get rid of the existing pool, create a new one, enter the NAT statement for it, and bind it to the tunnel groups that need it.
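
The pool-overlap check that post #6 describes, as an added example that is not part of the original thread: it parses ASA-style lines and reports any `ip local pool` range that falls inside a configured interface or object subnet. The inside address and the pool are taken from the configuration posted above; the `All_Subnets` definition (10.137.0.0/16) and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample. The inside interface address and the pool line come from
# the configuration posted in the thread; the All_Subnets definition is NOT on
# the page and is an assumed value.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 10.137.1.1 255.255.255.0
ip local pool test_pool 10.137.6.230-10.137.6.235 mask 255.255.255.0
object network All_Subnets
 subnet 10.137.0.0 255.255.0.0
"""

POOL_RE = re.compile(r"^\s*ip local pool (\S+) (\S+)-(\S+)(?: mask \S+)?\s*$")
NET_RE = re.compile(r"^\s*(?:ip address|subnet) (\S+) (\S+)\s*$")


def parse(config):
    """Return ({pool_name: [CIDR blocks]}, [configured networks])."""
    pools, nets = {}, []
    for line in config.splitlines():
        m = POOL_RE.match(line)
        if m:
            first = ipaddress.ip_address(m.group(2))
            last = ipaddress.ip_address(m.group(3))
            # A pool is a start-end range; express it as exact CIDR blocks.
            pools[m.group(1)] = list(ipaddress.summarize_address_range(first, last))
            continue
        m = NET_RE.match(line)
        if m:
            # strict=False: an interface line carries a host address, not a network.
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return pools, nets


def pool_overlaps(config):
    """List (pool_name, network) pairs where the VPN pool is not independent."""
    pools, nets = parse(config)
    return [(name, str(net))
            for name, blocks in pools.items()
            for net in nets
            if any(block.overlaps(net) for block in blocks)]


if __name__ == "__main__":
    for name, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {name} overlaps {net}: pick an independent range or exempt it from NAT")
```
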
