Cisco VPN Client requires Internet access --- not "split-tunneled"

Jun 15th, 2007

I have an ASA 5510 appliance running 7.2 (ASDM 5.2) terminating Cisco VPN Client 4.8 users.

Everything works, meaning the Client can access corporate resources. However, due to "split-tunneling" being disabled (per corporate security policy) I will need to route all Internet-bound traffic through the appliance.

How is this done?

I have tried changing the tunnel default gateway to the 'inside' interface of the ASA. I have also added NAT entries for the VPN Client pools to be translated to a different IP Address on the 'outside' interface but it still does not work.

Thanks in advance.


regraxpto Wed, 07/04/2007 - 15:56

I'm not sure if there is any other way, but if you use a proxy in your internal network and configure it on the remote workers, it should do the trick.



acomiskey Wed, 07/04/2007 - 17:32

Sure this is possible. For example...

same-security-traffic permit intra-interface

ip local pool vpnpool

global (outside) 1 interface

nat (outside) 1

Here is the document that will also help if needed.

Please rate helpful posts.
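
Added example (not part of the thread, and not Cisco tooling): the four statements in the reply above only work together, so this Python script checks a saved ASA 7.x config for the intra-interface permit, a `nat (outside)` network that covers the VPN pool, and a `global (outside)` with the same NAT id. The function name `audit_hairpin`, the pool range and the NAT network are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample: the pool range and NAT network are placeholder values.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
ip local pool vpnpool 192.168.100.1-192.168.100.50 mask 255.255.255.0
global (outside) 1 interface
nat (outside) 1 192.168.100.0 255.255.255.0
"""

def audit_hairpin(config, iface="outside"):
    """Return findings; an empty list means the four statements line up."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    esc = re.escape(iface)

    # Without this the ASA will not send traffic back out the interface it arrived on.
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("intra-interface traffic is not permitted")

    # NAT ids that have a translation target (global) on the interface.
    global_ids = {m.group(1) for ln in lines
                  if (m := re.match(rf"global \({esc}\) (\d+) \S+", ln))}

    # (nat id, source network) for each nat statement on the same interface.
    nat_nets = []
    for ln in lines:
        m = re.match(rf"nat \({esc}\) (\d+) ([\d.]+) ([\d.]+)", ln)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            nat_nets.append((m.group(1), net))

    pools = [m for ln in lines
             if (m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", ln))]
    if not pools:
        findings.append("no 'ip local pool' with an address range found")
    for m in pools:
        name = m.group(1)
        first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
        covering = {nid for nid, net in nat_nets if first in net and last in net}
        if not covering:
            findings.append(f"pool {name}: no 'nat ({iface})' covers {first}-{last}")
        elif not covering & global_ids:
            findings.append(f"pool {name}: nat id has no matching 'global ({iface})'")
    return findings

if __name__ == "__main__":
    print(audit_hairpin(SAMPLE_CONFIG) or "hairpin statements are consistent")
```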

