Cisco VPN Client requires Internet access --- not "split-tunneled"

Unanswered Question
Jun 15th, 2007

I have an ASA 5510 appliance running 7.2 (ASDM 5.2) terminating Cisco VPN Client 4.8 users.

Everything works, meaning the Client can access corporate resources. However, due to "split-tunneling" being disabled (per corporate security policy) I will need to route all Internet-bound traffic through the appliance.

How is this done?

I have tried changing the tunnel default gateway to the 'inside' interface of the ASA. I have also added NAT entries for the VPN Client pools to be translated to a different IP Address on the 'outside' interface but it still does not work.

Thanks in advance.

--re

regraxpto Wed, 07/04/2007 - 15:56

I'm not sure if there is any other way, but if you use a proxy in your internal network and configure it on the remote workers, it should do the trick.

Cheers,

Nuno

acomiskey Wed, 07/04/2007 - 17:32

Sure this is possible. For example...

same-security-traffic permit intra-interface

ip local pool vpnpool 192.168.10.1-192.168.10.254

global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

Here is the document that will also help if needed.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Please rate helpful posts.
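
A check for the pieces the answer above relies on, as an added example that is not part of the original thread: it reports whether intra-interface traffic is permitted and whether each VPN pool is covered by a `nat (outside)` rule whose id has a matching `global (outside)`. The function name `check_hairpin` and the sample text are constructed here, and the parsing assumes the ASA 7.x `nat`/`global` syntax and range-style `ip local pool` lines shown in the post.

```python
import ipaddress
import re

# Constructed sample: the four config lines from the answer above.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
ip local pool vpnpool 192.168.10.1-192.168.10.254
global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0
"""

IP = r"\d+\.\d+\.\d+\.\d+"

def check_hairpin(config, iface="outside"):
    """Return a list of problems that would stop VPN-pool traffic from
    being translated and sent back out of `iface` (hypothetical helper)."""
    problems = []
    lines = [line.strip() for line in config.splitlines()]
    text = "\n".join(lines)
    if "same-security-traffic permit intra-interface" not in lines:
        problems.append("missing same-security-traffic permit intra-interface")
    ifc = re.escape(iface)
    # NAT ids that have a global (PAT address or pool) on the egress interface.
    global_ids = set(re.findall(rf"^global \({ifc}\) (\d+) \S+", text, re.M))
    # nat (<iface>) <id> <network> <mask> rules for traffic entering on iface.
    nats = [(nid, ipaddress.ip_network(f"{net}/{mask}", strict=False))
            for nid, net, mask in re.findall(
                rf"^nat \({ifc}\) (\d+) ({IP}) ({IP})", text, re.M)]
    pools = re.findall(rf"^ip local pool (\S+) ({IP})-({IP})", text, re.M)
    if not pools:
        problems.append("no ip local pool found")
    for name, start, end in pools:
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        covering = [nid for nid, net in nats if first in net and last in net]
        if not covering:
            problems.append(f"pool {name}: no nat ({iface}) rule covers {start}-{end}")
        elif not any(nid in global_ids for nid in covering):
            problems.append(f"pool {name}: nat id {covering[0]} has no global ({iface})")
    return problems

if __name__ == "__main__":
    print(check_hairpin(SAMPLE_CONFIG) or "hairpin prerequisites present")
```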
