Saturday, June 1, 2019

ASAv + AnyConnect on AWS AGAIN!!!!!

I have an ASAv running on AWS, nothing complex, standard interfaces (inside, outside, management). However, when a user connects with the AnyConnect client they can't reach my internal network (by the way, the internal network is connected to AWS over DXGW, Direct Connect). I can of course reach the internal network from the ASAv inside interface, just not from the AnyConnect address pool. I figure it's routing. I have an AWS route table associated with the inside interface that points to the VGW to get to the internal network (by the way, it is already associated with the DXGW). I'm thinking the issue I'm running into is how my network knows where to reach my AnyConnect address pool. The AnyConnect pool subnet is pulled from the supernet block of the VPC, so I can not add a more specific route than the default local route of the VPC. If I were to use a subnet outside of the VPC supernet, that subnet isn't advertised from our CSP to our internal network (since it's only configured on the ASAv). I need to allow my AnyConnect network to talk to my internal network. I feel like I've worked through the basics (SGs, ASAv static routes, etc.) but with no success. Anyone ever done this? Would greatly appreciate the help.
