SEC0401 – Firepower 7.0 AnyConnect VPN Client (Part 3)
AnyConnect Client
Headend download experience

Reachability is not working


The NAT statement for AnyConnect is not being hit, and there are no untranslate hits. Since the NAT statement is written INSIDE > OUTSIDE, traffic arriving from VPN clients matches it in the reverse direction, which is why we should see “untranslate” hits.



Earlier, while creating the NAT rule, a mistake was made: REAL_VPN_RA was used in the source section and not in the destination section. Emptying out the source field and adding REAL_VPN_RA in the destination section fixed it.

Now pings work.
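
The check described above, as an added example that is not part of the original post: a small Python audit that reads `show nat` output and flags a rule with the VPN pool in the source section, or a corrected rule that still has no untranslate hits. The sample output, its hit counts and the function names are constructed for illustration, and it assumes the emptied source field deploys as `any`.

```python
import re

# Constructed sample of "show nat" output (not captured from the lab).
# Rule 1 repeats the page's mistake: REAL_VPN_RA in the source section.
# Rule 2 is the corrected form: source any, REAL_VPN_RA as destination.
SAMPLE = """\
Manual NAT Policies (Section 1)
1 (INSIDE) to (OUTSIDE) source static REAL_VPN_RA REAL_VPN_RA no-proxy-arp route-lookup
    translate_hits = 0, untranslate_hits = 0
2 (INSIDE) to (OUTSIDE) source static any any destination static REAL_VPN_RA REAL_VPN_RA no-proxy-arp route-lookup
    translate_hits = 14, untranslate_hits = 9
"""

RULE = re.compile(r"^(\d+) \((\S+)\) to \((\S+)\) source (?:static|dynamic) (\S+) \S+"
                  r"(?: destination static (\S+) \S+)?")
HITS = re.compile(r"translate_hits = (\d+), untranslate_hits = (\d+)")

def parse_nat(text):
    """Return one dict per NAT rule with interfaces, objects and hit counters."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append({"id": int(m[1]), "real_if": m[2], "mapped_if": m[3],
                          "src": m[4], "dst": m[5], "translate": 0, "untranslate": 0})
            continue
        h = HITS.search(line)
        if h and rules:  # counters belong to the rule line just above them
            rules[-1]["translate"], rules[-1]["untranslate"] = int(h[1]), int(h[2])
    return rules

def audit(rules, pool, inside="INSIDE", outside="OUTSIDE"):
    """Flag INSIDE > OUTSIDE rules that misplace the pool or never untranslate."""
    findings = []
    for r in rules:
        if (r["real_if"], r["mapped_if"]) != (inside, outside):
            continue
        if r["src"] == pool:
            findings.append((r["id"], "pool is in the source section, not destination"))
        elif r["dst"] == pool and r["untranslate"] == 0:
            findings.append((r["id"], "no untranslate hits from VPN clients yet"))
    return findings

if __name__ == "__main__":
    for rule_id, msg in audit(parse_nat(SAMPLE), "REAL_VPN_RA"):
        print(f"rule {rule_id}: {msg}")
```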

These are some user-facing customisations.

number of bytes sent and received

Because this is the default group policy, which has “tunnel all traffic”, we see a route for 0.0.0.0/0.

show vpn-sessiondb anyconnect

anyconnect license consumed by user

encryption and hashing

group policy

tunnel-group

duration

inactivity

bytes

show vpn-sessiondb detail anyconnect

client version and OS

authentication

OS and client info

TCP ports, idle timeout, bytes



connection seems to be coming from OUTSIDE