Internal Website blocked through AnyConnect

NotKnown
Here to help


Hello,

 

I have a customer who has been using an MX85 for a month or 2. It worked fine till now.

Some users use an AnyConnect VPN to access an internal page.

That page is working fine for everyone else, but since this morning not for the VPN users.

Most of the time I got a page saying the wait time is expired, and sometimes I got a Meraki page with the message that the specific FQDN is blocked.

I can access that same server via RDP and I can ping/trace it, it works fine, so it is something else, instead of a firewall rule.

But I can't find anything in the logging, and doing a realtime log via tools, there also are no blocks.

I added the FQDNs to the whitelist of content filtering and AMP, but no luck...

In the packet trace some TCP retransmissions, but can't really find something what

Does anyone have an idea?

3 Replies
NotKnown
Here to help

After disabling AMP/IPS/IDS it works again.. so far having security..

Don't get why it doesn't use the whitelist then.

Brash
Kind of a big deal

Add the FQDN/IP address to the Trusted IP Address list and the AMP whitelist under "Security & SD-WAN -> Threat protection".

NotKnown
Here to help

I already put them there. That's why I am a little confused why it doesn't work. For now I will leave it like this, and will try some things this evening so I do bother the users atm.

Still, why isn't there any logging or something in the security center then?
