AnyConnect VPN RDP failures

Here to help

AnyConnect VPN RDP failures

Good day everyone, 

I'm getting ready to switch my company from Global Protect on a Palo PA820 to Anyconnect off a MX95. 
Our peak client connections are about 250 devices only about 100 are over the VPN. 

We are running Cisco Secure Client, which to my knowledge is current. 
MX95 firmware: 18.107.2 

To explain my issue I will be using these two subnets: 
VPN Clients 
Servers: | Azure based, S2S connection to the MX95.
Split tunneling enable with the Server subnet included. 

When connected through the VPN I get some failures for RDP or share drives. I'm starting to think this is a windows issue after being on the Palo for so long. This is with hostnames and IPs

I connect into the VPN then try to remote into servers and I might be able to get to: DC-server, SQL-server, etc, but not be able to connect to file-server. However, I can reach share drives that exist on the file-server. My only resolution for this is to disconnect and reconnect. 
Additionally, I have seen this issue in the reverse. I can RDP to file-server but not connect to share drives. Another example is not being able to connect to DC-server, but I can ping and reply. 

The Palo is still online and still in use by some uses as this isn't a mandated change at this point. My only thought is windows is confused. As I type this, issues seem to become less and less, but any thoughts or theories would be much appreciated! 

2 Replies 2
Kind of a big deal
Kind of a big deal

I suggest you open a support case for them to investigate further.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

One should be going in as we speak! My worry is all our servers are in azure and support may just point the finger at that configuration. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.