Hello,

We just set up a new ASA 5512x running v9.1(2). We have about 30 remote AnyConnect SSL VPNs and an IPSec tunnel to a remote LAN.

We have been able to get all the VPN connections up and passing traffic such that remote VPNs can reach the LOCAL LAN, the LOCAL LAN can reach the REMOTE LAN, and the VPNs can get Internet access via NAT.

The one thing we can't seem to get working is the VPNs to reach the REMOTE LAN. The REMOTE LAN does know about these IP blocks. Doing a packet-tracer, it hangs on the following.

Phase: 7
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffa08adb40, priority=70, domain=svc-ib-tunnel-flow, deny=false
        hits=450, user_data=0x39000, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=192.168.95.7, mask=255.255.255.255, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

VPN clients are in 192.168.95.0/24
LAN is on 10.158.95.0/24
REMOTE LAN is on 10.158.58.0/24

VPN clients are set up to tunnel all traffic.

Any idea where to look to resolve this one issue?

-Lee