Messages - gtopnsense

#1
Quote from: mellow65 on March 26, 2024, 07:41:47 PM
While I'm not happy you're having VPN issues, I'm happy I'm not alone with AnyConnect and OPNsense not playing with each other. I'm going to try opening up port 443 and see what happens. While my speeds aren't the best, I would like the stability back. Just out of the blue I lose connection to my emails and anything on our work network, but I can still ping Google and other things, so it doesn't completely die.

And now that I think of it, it all started when I moved from pfSense to OPNsense. I just blamed my work's VPN first, lol.
Let me know how that goes and the steps to remedy it if you are able to do that.
Thanks
#2
Quote from: Taunt9930 on March 26, 2024, 08:03:42 PM
FWIW I have no issues using AnyConnect. As far as I remember, I did nothing special either.
For AnyConnect version 5? That is the one I am having issues with; I didn't have any until recently, when they upgraded us to 5.
#3
I tried to open UDP port 443 for Cisco and the speed never improved. I tried NAT rules inbound and outbound. I set a rule on my LAN for outgoing, no real change.
I don't know if I have missed something or am doing something wrong.
I am using the Squid proxy as well, but I whitelisted the VPN domain when I first set up OPNsense a few years ago. I even set my laptop that uses the VPN to have unrestricted access, effectively bypassing the proxy.
Never an issue with Cisco until recently.
#4
I don't believe I have blocked 443 UDP, but I will verify.
As for split tunnel, no, we can't access any networks outside our corporate network.
#5

Intel i3-3220 CPU @ 3.30GHz (2 cores, 4 threads), 8 GB RAM

I don't see Umbrella on this version of Cisco; I did see it on our old version 4. Perhaps it runs somewhere hidden in the background on 5. Not sure.

Thanks
#6
I have my OPNsense updated to the newest version, 24..., using it more as a NAT firewall.
For some reason, when I connect my computer to my work VPN with the Cisco AnyConnect client version 5 installed on the PC, my internet on that PC comes to a crawl, 8 megs a second. The client PC will stay connected all day; it's just slow.

When not on the VPN, internet is 400 megs.
I also connected my computer directly to my internet gateway to bypass OPNsense, then connected to the Cisco VPN, and I got much more normal internet speed. What do I need to do so OPNsense allows the Cisco VPN to run at a better speed when I am using the Cisco AnyConnect client on a computer?

This seems to be a newer issue. I have been using OPNsense for a while, as well as Cisco, and hadn't noticed this till recently.
Thanks in advance
#7
I figured this out. I needed an RDR rule; I was port forwarding and had a firewall rule, I just didn't realize I needed to click the RDR check box. This thread helped me figure it out:
https://forum.opnsense.org/index.php?topic=14287.msg66395
#8
I am a new OPNsense user, using 20.1.6, coming over from IPCop :) It's been a long time coming.
I have 2 NICs with 4 ports set up in a bridge. I set up the transparent proxy following this guide:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html#

When using a PC that is connected to the NIC port in the bridge that the internal IP address is assigned to, I can browse the internet just fine and I can browse my internal websites just fine.

However, when I use the other NIC ports that are not assigned an IP, I can browse externally just fine, but I cannot browse any of the local internal intranet sites. I am able to ping them and connect to them via SSH.

I changed one of the web ports on one of the intranet servers from 80 to 85 just to test, and I was able to view that with my browser using :85, of course. I tried adding a rule to allow all LAN traffic to browse internally, but that did not work either. I even set up a firewall rule with a specific IP address and port to redirect the destination.

I tried many different rules with the same result. Very strange that I have the bridge set up and I can ping and SSH to devices that are connected to each interface, and I even get an address from DHCP, but I cannot browse internally except from the one NIC with the IP address.
I'm guessing it's something to do with the redirect proxy rules in the above instructions, but I can't quite figure it out.
Thanks in advance for the help.
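Both #7 and #8 come down to pf redirection (rdr) rules, which is what the OPNsense Port Forward page and the transparent-proxy how-to generate underneath the GUI. The fragment below is an added illustration in raw pf.conf syntax; it is not from this thread and not OPNsense's generated ruleset, and the interface names, addresses and proxy port are constructed assumptions. It shows the two points the posts run into: a port forward is only a translation and still needs a matching pass rule on the translated destination (the "RDR plus firewall rule" pairing from #7), and a transparent-proxy redirect on port 80 also swallows traffic to internal web servers unless those destinations are excluded first (the #8 symptom, where port 85 works but port 80 does not). UDP 443 is used in the first part because that is the port AnyConnect's DTLS channel runs on alongside TLS on TCP 443.

```pf
# Added illustration, not the thread's or OPNsense's own ruleset.
# Assumed names (constructed): WAN em0, LAN bridge0, LAN net 192.168.1.0/24,
# AnyConnect client 192.168.1.50, intranet web servers 192.168.1.10 and .11,
# Squid listening locally on 3128.
ext_if     = "em0"
lan_if     = "bridge0"
lan_net    = "192.168.1.0/24"
vpn_client = "192.168.1.50"
intranet   = "{ 192.168.1.10, 192.168.1.11 }"
proxy_port = "3128"

# --- #7: port forward of UDP 443 (AnyConnect DTLS) to one client ---
# The rdr line is the translation that a Port Forward entry creates.
# ($ext_if) tracks the WAN address dynamically.
rdr on $ext_if inet proto udp from any to ($ext_if) port 443 -> $vpn_client port 443
# pf still filters the packet after translation, so the pass rule must match
# the post-rdr destination. With the rdr but no pass, the forward silently fails.
pass in quick on $ext_if inet proto udp from any to $vpn_client port 443 keep state

# --- #8: transparent proxy on a bridge ---
# Translation rules are first-match, so the exclusion has to come before the
# catch-all. Without it, LAN -> intranet port 80 is also sent to Squid.
no rdr on $lan_if inet proto tcp from $lan_net to $intranet port 80
# Everything else from the LAN on port 80 goes to the local proxy.
rdr on $lan_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port $proxy_port
pass in quick on $lan_if inet proto tcp from $lan_net to 127.0.0.1 port $proxy_port keep state
# Direct LAN -> intranet web traffic (the excluded destinations) still needs its own pass.
pass in quick on $lan_if inet proto tcp from $lan_net to $intranet port 80 keep state
```

To check a fragment like this without loading it, run `pfctl -nf <file>`; to see what is actually active on a box, `pfctl -sn` lists the translation rules and `pfctl -sr` the filter rules, which is the quickest way to confirm whether a GUI port forward produced both halves. One caveat for the bridge case in #8: whether pf evaluates rules on `bridge0` or on the individual member interfaces is governed by the FreeBSD sysctls `net.link.bridge.pfil_bridge` and `net.link.bridge.pfil_member`, so a rule written against the bridge can behave differently on the member port that carries the IP address than on the ones that do not.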