Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
229
Views
0
Helpful
1
Replies

Allowing incoming VPN clients to NAT to the Internet

sstallion
Level 1
Level 1

‎08-17-2007 07:32 AM - edited ‎02-21-2020 03:13 PM

Morning All,

Currently I have an 871 with advanced ip services using NAT at a remote site. The router has been successfully configured to accept remote access ipsec connections, and traffic is flowing correctly.

I would like to be able to have those connecting through vpn to also have access to the internet.

There is no requirement that users encrypt traffic bound for the internet, so I would prefer to keep traffic not destined for the private network to stay out in the open.

Is this something that can be accomplished using split tunnels or is there some magic that needs to be done on the remote router with NAT?

Thanks in Advance!

Steve

Labels:
0 Helpful
1 Reply 1

bwalchez
Level 4
Level 4

‎08-23-2007 11:21 AM

I think you can use split tunneling or use command same-security-traffic permit {intra-interface} to permit communication in and out of the same interface when traffic is IPSec-protected.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents