Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Aruba 7210 - Cisco AnyConnect issue

  • 1.  Aruba 7210 - Cisco AnyConnect issue

    MVP
    Posted Aug 15, 2013 04:06 PM

    Hi everybody,

    I have a customer who utilizes Cisco's VPN "AnyConnect". Currently they allow vendors to use the VPN on the guest network which is only captive portal username/login. They are denying internal networks, but using "allowall" below the deny in the firewall rules. Users can successfully connect to the guest network and access the internet, but they cannot launch their VPN client.

    Could the deny-internal-network rule be causing the issue?

    If not, are there additional firewall rules (ports to allow, addresses to allow)?

    I also tried adding a rule to allow the specific IP address for the user in the Guest role for the VPN server 205.73.16.5 255.255.255.0, but I received an error stating "invalid ipaddress/subnet mask".

    Any ideas?

    Thanks for the help!


    #7210


  • 2.  RE: Aruba 7210 - Cisco AnyConnect issue

    EMPLOYEE
    Posted Aug 15, 2013 04:56 PM

    I would use "show datapath session table <ip address of that client>" to see what gets denied. It is possible that the VPN client is using an internal DNS server or something.


    #7210


  • 3.  RE: Aruba 7210 - Cisco AnyConnect issue

    EMPLOYEE
    Posted Aug 15, 2013 05:11 PM
    For the access list part, the IP 205.73.16.5 does indeed not match the subnet 255.255.255.0. Use 205.73.16.0 instead to match that subnet.
    #7210
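
Added example (not part of the original thread, and not Aruba's validation code): a Python check showing why the pair 205.73.16.5 / 255.255.255.0 from the question is rejected by a parser that requires zero host bits, and the two valid alternatives. The function name and result keys are assumptions for illustration; the host mask 255.255.255.255 is general IPv4 behaviour, not a statement about the controller's syntax.

```python
import ipaddress

HOST_MASK = "255.255.255.255"  # matches exactly one IPv4 address

def check_acl_destination(address: str, mask: str) -> dict:
    """Check an address/netmask pair as a parser that requires zero host bits would."""
    ip = ipaddress.IPv4Address(address)
    try:
        # strict=False: parse first, then report set host bits ourselves
        net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    except ipaddress.NetmaskValueError as exc:
        return {"valid": False, "reason": f"bad netmask: {exc}"}

    if int(ip) & int(net.hostmask) == 0:
        return {"valid": True, "network": str(net.network_address),
                "mask": str(net.netmask)}

    return {
        "valid": False,
        "reason": "host bits set",
        # Fix 1: keep the mask, use the network address (permits the whole subnet)
        "network_fix": (str(net.network_address), str(net.netmask)),
        # Fix 2: keep the address, use a host mask (permits only that server)
        "host_fix": (address, HOST_MASK),
        "addresses_matched_by_network_fix": net.num_addresses,
    }

if __name__ == "__main__":
    # Constructed sample entries; the first is the pair from the thread.
    for addr, mask in [("205.73.16.5", "255.255.255.0"),
                       ("205.73.16.0", "255.255.255.0"),
                       ("205.73.16.5", HOST_MASK),
                       ("205.73.16.5", "255.0.255.0")]:
        print(addr, mask, "->", check_acl_destination(addr, mask))
```

The network fix permits all 256 addresses in 205.73.16.0/24 from the guest role, while the host fix permits only the VPN server, which is the narrower rule when a single destination is intended.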