Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
1
Replies

AnyConnect clients traffic can't go to IPsec tunnel

roman.kuchin
Level 1
Level 1

‎10-01-2017 06:44 AM - edited ‎03-12-2019 04:35 AM

Hello, we have quite simple setup.

 

(LAN1) - (ASA1) - (IPsec Tunnel) - (ASA2) - (LAN2)

 

We have AnyConnect clients on ASA1. That clients should have access to LAN1 and LAN2.

Recently we upgraded our ASAs to 9.7(4) version to get Tunnel interfaces.

With crypto maps it worked pretty well, but after moving to Tunnel interfaces AnyConnect clients can't get to LAN2 anymore. They still have connection to LAN1 though.

 

LAN2 is accessible from LAN1 without any problems.

ASA2 has route to AnyConnect clients network through Tunnel interface.

 

When I shutdown Tunnel interfaces and create crypto maps back that it works.

 

What could be the problem?

Labels:
0 Helpful
1 Reply 1

Flavio Miranda
VIP
VIP

‎10-01-2017 04:37 PM

Hi,

Whithout see config is impossible to say anything.

0 Helpful
Customers Also Viewed These Support Documents