State the problem
Identify possibilities
Use the tools to isolate
Correct without causing harm
Problem: not able to log in with the AnyConnect client
Error message shown while logging in: No address available for SVC connection
We can use the DART (Diagnostic and Reporting Tool), which can be installed along with the AnyConnect client. This is an optional component.
In ASDM, look for the event viewer
Monitoring -> Logging -> Real-Time Log Viewer
Clear all the logs
Try connecting once again and check the logs
Check the details for that particular user
Configuration -> Remote Access VPN -> AAA/Local Users -> Local Users
Double-click on that user and check the VPN policy
Check the connection profile as well
The client address pool is not assigned here
Now add an address pool on the connection profile
Now the user will be able to log in and an IP address will be assigned to him
2nd issue: Internet access isn't working while the AnyConnect SSL VPN tunnel is up
Solution: Disconnect the VPN and go to Google, but this is not a viable solution every time
Connect once again. Check the route details
0.0.0.0/0
This is the tunnel-all policy
The solution is split tunneling or a hairpin turn.
Only the user's VPN traffic goes through the tunnel; everything else goes outside the tunnel
Configuration -> Remote Access VPN -> Network (Client) Access -> Group Policies -> select group -> Advanced -> Split Tunneling
Disconnect and reconnect once again
Now the route details will have changed.
Risk: the user could somehow be compromised on the outside network.
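The two ASDM checks above (address pool on the connection profile, split-tunnel policy on the group policy) can also be run offline against a saved running configuration. The script below is an added example, not part of the original notes; the sample configuration and every name in it are constructed, and it assumes a group policy with no split-tunnel-policy line behaves as tunnel-all and that addresses come from local pools only (not AAA or DHCP).

```python
import re

# Constructed sample in "show running-config" style; names and addresses are made up.
SAMPLE_CONFIG = """\
ip local pool VPN_POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
access-list SPLIT_ACL standard permit 192.168.1.0 255.255.255.0
group-policy GP_STAFF internal
group-policy GP_STAFF attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
group-policy GP_LAB internal
group-policy GP_LAB attributes
 vpn-tunnel-protocol ssl-client
tunnel-group STAFF type remote-access
tunnel-group STAFF general-attributes
 address-pool VPN_POOL
 default-group-policy GP_STAFF
tunnel-group LAB type remote-access
tunnel-group LAB general-attributes
 default-group-policy GP_LAB
"""

def parse_blocks(config):
    """Map each top-level config line to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def setting(lines, keyword, default=None):
    """Return the first argument that follows keyword in a block, else default."""
    return next((l[len(keyword):].split()[0] for l in lines
                 if l.startswith(keyword + " ")), default)

def audit(config):
    """Per connection profile: is a local pool assigned, and what is the split policy?"""
    blocks, findings = parse_blocks(config), {}
    for header, body in blocks.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        if not m:
            continue
        policy = setting(body, "default-group-policy", "DfltGrpPolicy")
        gp = blocks.get(f"group-policy {policy} attributes", [])
        pool = setting(body, "address-pool") or setting(gp, "address-pools value")
        findings[m.group(1)] = {
            "policy": policy,
            "has_pool": pool is not None,  # False matches the "No address available" case
            "split_policy": setting(gp, "split-tunnel-policy", "tunnelall"),  # assumed default
        }
    return findings
```

A profile reported with has_pool False is the first problem in these notes; split_policy tunnelall is the 0.0.0.0/0 route seen in the second.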