Hi Folks,
I’m unable to connect to my company network via the “Cisco AnyConnect Secure Mobility Client” for a few days now.
The only changes on my firewall were package updates from a 6.43 RC version to: “channel: current ; installed-version: 6.43.4”
As far as I know, the client tries to connect to the SSL-VPN Gateway with ports 4500 and 500 (UDP&TCP).
My Notebook and PC are able to establish the connection as soon as I connect to the hotspot of my mobile phone - so I can assume the clients are working properly.
# oct/25/2018 15:52:38 by RouterOS 6.43.4
# software id = UDCS-1JET
# model = CRS326-24G-2S+
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT: LAN to WAN" out-interface-list=WAN
/ip firewall filter
add action=drop chain=input connection-state=invalid log-prefix=drop_invalid
add action=accept chain=forward dst-address=123.123.123.0/24 dst-address-list="" log=yes log-prefix=company_vpn
add action=accept chain=forward dst-address-list="" log=yes log-prefix=company_vpn src-address=123.123.123.0/24
123.123.123.0/24 ← placeholder for the public IP range of my company (Just to be sure, I didn’t miss anything)
The client is connected via LAN and the firewall rules are on top.
Log shows outgoing connections to the Cisco Server on the mentioned ports.
Once I was able to initiate the connection over my phone's hotspot and switch to LAN without losing the connection. Could there be an issue with the first handshake between Cisco server and client?
Any ideas? Thank you!
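To check whether the posted filter rules could be what stops the VPN handshake, here is an added example (not from the post or from RouterOS) that parses the `/ip firewall filter` export lines above and simulates top-down rule matching for a given flow. It assumes that an empty value such as `dst-address-list=""` is simply an unset matcher and that the chain's default policy is accept when nothing matches; the sample flows are constructed.

```python
import ipaddress
import shlex

# Constructed copy of the filter export from the post (placeholder company range kept).
FILTER_EXPORT = """
add action=drop chain=input connection-state=invalid log-prefix=drop_invalid
add action=accept chain=forward dst-address=123.123.123.0/24 dst-address-list="" log=yes log-prefix=company_vpn
add action=accept chain=forward dst-address-list="" log=yes log-prefix=company_vpn src-address=123.123.123.0/24
"""

NON_MATCHERS = {"action", "log", "log-prefix", "comment", "disabled"}

def parse_export(text):
    """Turn each 'add key=value ...' line into a dict; shlex handles the quoted values."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok))
    return rules

def _in_ports(spec, port):
    """dst-port may be a comma list of ports or ranges, e.g. '500,4500' or '1024-65535'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rule_matches(rule, flow):
    """Evaluate the matchers this simulator knows. An empty value (dst-address-list="") is
    treated as unset (assumption); any other matcher we do not model raises, so the
    simulation never silently accepts or drops more than the real rule would."""
    checks = {
        "chain": lambda v: v == flow["chain"],
        "src-address": lambda v: ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(v, strict=False),
        "dst-address": lambda v: ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(v, strict=False),
        "protocol": lambda v: v == flow["proto"],
        "dst-port": lambda v: _in_ports(v, flow["dport"]),
        "connection-state": lambda v: flow.get("state", "new") in v.split(","),
        "in-interface": lambda v: v == flow.get("in_if"),
        "out-interface": lambda v: v == flow.get("out_if"),
    }
    for key, value in rule.items():
        if value == "" or key in NON_MATCHERS:
            continue
        if key not in checks:
            raise NotImplementedError(f"matcher not modelled: {key}")
        if not checks[key](value):
            return False
    return True

def first_match(rules, flow):
    """Rules are evaluated top-down; with no match the chain falls through to accept."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule["action"], rule.get("log-prefix")
    return "accept", None

RULES = parse_export(FILTER_EXPORT)
```

Run against a LAN client sending UDP/4500 to the company range, the forward chain hits the `company_vpn` accept rule, so if the handshake is not reaching the gateway the cause lies outside these filter rules (NAT, connection tracking or an upstream device).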