Bizarre AnyConnect VPN problems...



Hi,

Basically, this is the scenario:

I have the AnyConnect Secure Mobility client running on two machines on my home LAN reaching out to our ASA 5550 endpoint. One machine is a laptop running Windows 8.1 Pro; the other is a typical desktop running Windows 7 Pro. The AnyConnect clients on both machines are able to successfully establish connectivity through the tunnel, they acquire IP info from the address pools configured on the ASA, and the secured routes are clearly visible in the AnyConnect client and within the operating system itself. Split tunneling is enabled.

However, only the laptop is able to actually access resources behind the VPN. The desktop can't. Looking at the ASA logs, traffic coming from my laptop has the IP from the VPN's internal address pool as the source address, while traffic coming from my desktop has the public IP from my ISP as the source address. Obviously, per the access policies we have configured, the former is permitted and the latter is not. Makes sense.

What I can't make sense of is what's screwing with the routes on my desktop machine. I have completely disabled all software firewalls, proxies, and anything else I could think of that might be interfering. Both machines are running the same version of AnyConnect with the same settings. The VPN's address pool does not overlap my LAN's DHCP pool. Is there some obscure Windows setting that I'm missing?
