12-18-2019 12:22 PM
Hi All,
I'm having a really difficult time getting AnyConnect tunnelALL (Hairpin) to work.
- Client connects
- Split tunnel works fine
- PCAP trace shows traffic destined for the Internet NOT being NATed.
The client successfully connects, but when "TunnelALL" is turned on, the Windows Client OS (Win10) thinks it has no connection (and when I run ipconfig I see 2 DGs).
Below is the relevant config from my firewall.
*** ASA 5525
object network MOBILE_VPN_POOL_BBC
 subnet 10.252.252.0 255.255.255.0
 nat (ISP1,ISP1) dynamic interface
ip local pool MOBILE_VPN_POOL_BBC 10.252.252.1-10.252.252.254 mask 255.255.255.0
group-policy GP_ANYCONNECT internal
group-policy GP_ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 split-tunnel-all-dns enable
tunnel-group TG_ANYCONNECT type remote-access
tunnel-group TG_ANYCONNECT general-attributes
 address-pool MOBILE_VPN_POOL
 default-group-policy GP_ANYCONNECT
tunnel-group TG_ANYCONNECT_ webvpn-attributes
 group-alias VPN enable
same-security-traffic permit intra-interface