Wireless Access

Posts: 360
Registered: ‎05-09-2013

Aruba 7210 - Cisco AnyConnect issue

Hi everybody,


I have a customer who utilizes Cisco's VPN "AnyConnect". Currently they allow vendors to use the VPN on the guest network which is only captive portal username/login. They are denying internal networks, but using "allowall" below the deny in the firewall rules. Users can successfully connect to the guest network and access the internet, but they cannot launch their VPN client.


Could the deny-internal-network rule be causing the issue?


If not are there additional firewall rules (ports to allow, addresses to allow)


I also tried adding a rule to allow the specific IP address for the user in the Guest role for the VPN server, but I received an error stating "invalid ipaddress/subnet mask" 


Any ideas?


Thanks for the help!

Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
Guru Elite
Posts: 20,789
Registered: ‎03-29-2007

Re: Aruba 7210 - Cisco AnyConnect issue

I would use "show datapath session table <ip address of that client>" to see what gets denied.  It is possible that the VPN client is using an internal DNS server or something.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Posts: 447
Registered: ‎11-04-2011

Re: Aruba 7210 - Cisco AnyConnect issue

For the access list part, the IP does indeed not match the subnet Use instead to match that subnet.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Search Airheads
Showing results for 
Search instead for 
Did you mean: