I have been trying to do some self learning with some kit that I have access to. One of the things that I have setup recently is configuring an ASA5510 to allow AnyConnect VPN users to access some servers remotely. That works just fine.
I was wondering if it possible to allow access from the servers on my internal LAN to have access back to the VPN client machine?
In a nutshell, the setup is this:
Windows 10 PC with AnyConnect client and it gets a DHCP IP from the ASA of 10.0.0.4/24
The Inside interface on the ASA is 10.0.0.254/24
This is connected to a Cisco 4948 switch. Port 1 of the switch is set as
interface GigabitEthernet1/1
description ASA5510
no switchport
ip address 10.0.0.1 255.255.255.0
I have a server VLAN with IP address 192.110.1.1/24
My server has an IP address of 192.110.1.229/24 and the default gateway is 192.110.1.1
Windows Firewall has been turned off on the server.
If I understand correctly, you have a PC on the INSIDE interface of the ASA, and a server on the outside interface, and you want to use AnyConnect to connect to the server, correct?
You must keep in mind that AnyConnect is used to connect remote users to the INSIDE network of the ASA over a secure VPN. This is described in further detail in this lesson:
If you are trying to achieve the opposite (i.e. client within INSIDE network, and the server is remote) which is what I understand from your description, then by default, connectivity should be allowed with no additional configurations and no need for a VPN. This of course assumes that all routing has been configured correctly so that communication is successful.
This is because any communication that is initiated from the INSIDE network to an OUTSIDE device is allowed based on the security zones, as described in the following lesson:
Does that make sense? If not, can you clarify what you are trying to achieve so that we can help you further?