Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
399
Views
3
Helpful
3
Replies

anyconnect VPN anyconnect tunnel all traffic

Go to solution
chocolate2395777
Level 1
Level 1

‎07-05-2023 11:41 PM

Hi all,

I have set up the AnyConnect VPN in FMC and allowed all traffic over the tunnel.

I can access any internal network but the VPN client get not connect to Google.com or Cisco.com etc.

When I try to nslookup, the VPN can resolve the IP address 

chocolate2395777_0-1688625115553.png

But can not ping the IP address

chocolate2395777_1-1688625174907.png
chocolate2395777_2-1688625211985.png

I am not sure if is it the NAT issue, but I try the different settings are still the same issues.

chocolate2395777_3-1688625280441.png

Thanks

 

 

 

 

1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎07-06-2023 01:23 AM

chocolate2395777_3-1688625280441.png

you need NATing U-turn 
OUTside,OUTside 
check above

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎07-05-2023 11:52 PM

@chocolate2395777 you need an Auto NAT rule (in addition to the rule above) to allow the RAVPN traffic to hairpin. With the src and dst interfaces are the "outside" interface, the src network is an object that represents the RAVPN pool and traffic is translated behind the outside interface.

Go to solution
MHM Cisco World
VIP
VIP

‎07-06-2023 01:23 AM

chocolate2395777_3-1688625280441.png

you need NATing U-turn 
OUTside,OUTside 
check above

Go to solution
chocolate2395777
Level 1
Level 1

‎07-06-2023 02:59 AM

Thanks so much,

It works, I never thought that need to U-turn.

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents