DHCP issues for AnyConnect configuration.

[xylax]

I've been configuring SSL AnyConnect on ASAs for some time now but recently running into a frustrating issue due to specific network configs. When setting up a DHCP Pool for AnyConnect, I've always used a DHCP pool on the same subnet as the ASA's INSIDE interface. AnyConnect works like a champ. However, I'm working with several ASAs where the INSIDE interface is on a /30 subnet so the DHCP pool has to be a non-local subnet. For the life of me, I cannot get this to work after connecting to the VPN. I cannot ping internally, nor any IP on the ASA when connected to VPN. Any thoughts? We're stumped.


Shon
Network Administrator

 

[xylax]

I'm working on ASA 5525x's.

Shon
Network Administrator

 

[jasonmerchants]

Ensure you have NAT statements set to allow the VPN subnet to access the inside interface as you would expect.

Jason
Network Engineer, Cisco, Nortel, ShoreTel

 

[ADB100]

Does the router on the other end of the /30 (and your internal routers) know how to get to the subnet you are using for the RA clients?