
Internet access for Remote VPN users

sujitkr7cisco
Level 1

Hi,

I have a Cisco ASA 5510. I configured remote VPN for roaming users who connect through the VPN client. My email and one application are working fine, but users also want web browsing through it. Is there any option in ASDM through which we can easily manage accessibility for VPN client users (roaming users)? All my VPN users are in a single group.

7 Replies

pjhenriqs
Level 1

Hi,

The PIX/ASA has the split tunneling feature which you must configure for your remote access VPN in order to achieve what you want.

Check out this link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

What split tunneling does is basically it sends all the VPN traffic through the tunnel and everything else is sent through your normal Internet connection.

HTH,

Paulo

Hi,

Thanks. I am already using split tunnel, but when I connect through the VPN client, mail and applications are running but we are not able to use the web browser.

ajagadee
Cisco Employee

You can do split tunneling as in the previous e-mail, or you can use the permit intra-interface option on the ASA and have the VPN clients go to the Internet via your ASA.

Please refer to the URL below for details:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

Regards,

Arul

** Please rate all helpful posts **

That's true.

The advantage of the split tunneling is that you are not adding extra latency by encrypting the "Internet" traffic, sending it to the firewall and then the other way around.

Yet split tunneling has some risk involved, because if the user's PC is compromised then the attacker might also have access to company resources.

The solution Arul gave solves that problem since I would guess it makes life a lot more complicated for the attacker.

I think it's a trade-off you have to decide.

HTH,

Paulo

Hi,

Thanks for your suggestion.

I am using the split tunnel concept, but there is a problem with Internet access.

Thanks and regards,

sujeet

Hi,

Not sure if this is already resolved, but I had the same issue; the split tunnel configuration was wrong on my end.

In your split tunnel ACLs, if you are tunneling all the traffic, then this raises the issue.

Check the split tunnel permitted ACL and make sure you configure it with only your internal network range (not 'ALL').

hth

MS
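
The ACL check MS describes, combined with the intra-interface option from Arul's reply, as an added example that is not part of the original thread and is not Cisco's code: a Python audit of ASA running-config text that flags split-tunnel ACLs whose source is `any` and tunnel-all policies that lack `same-security-traffic permit intra-interface`. The sample config, the policy and ACL names, and the function names are constructed for illustration.

```python
import re

# Constructed sample ASA config; policy names, ACL names and addresses are made up.
SAMPLE = """\
access-list SPLIT_OK standard permit 10.10.0.0 255.255.0.0
access-list SPLIT_BAD standard permit any
group-policy ROAMING attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_BAD
group-policy STAFF attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_OK
group-policy FULL attributes
 split-tunnel-policy tunnelall
"""
ACL_RE = re.compile(r"^access-list (\S+) (standard|extended) permit (.+)$", re.M)

def acls_with_any_source(config):
    """Names of ACLs with at least one permit entry whose source is 'any'."""
    wide = set()
    for name, kind, rest in ACL_RE.findall(config):
        src = rest.split()[1:] if kind == "extended" else rest.split()  # skip protocol
        if src[:1] in (["any"], ["any4"]) or src[:2] == ["0.0.0.0", "0.0.0.0"]:
            wide.add(name)
    return wide

def audit(config):
    """Return {group-policy name: finding} for every 'group-policy X attributes' block."""
    wide = acls_with_any_source(config)
    hairpin = "same-security-traffic permit intra-interface" in config
    policies, cur = {}, None
    for line in config.splitlines():
        parts = line.split()
        if parts[:1] == ["group-policy"] and parts[-1:] == ["attributes"]:
            cur = policies.setdefault(parts[1], {"mode": "tunnelall", "acl": None})  # ASA default
        elif cur is not None and parts[:1] == ["split-tunnel-policy"]:
            cur["mode"] = parts[1]
        elif cur is not None and parts[:2] == ["split-tunnel-network-list", "value"]:
            cur["acl"] = parts[2]
    findings = {}
    for name, p in policies.items():
        if p["mode"] == "tunnelspecified":  # only the listed networks should be tunneled
            findings[name] = "split ACL permits any" if p["acl"] in wide else "ok"
        else:  # Internet traffic is tunneled too; it only works if the ASA hairpins it
            findings[name] = "tunnel-all via ASA" if hairpin else "tunnel-all, no intra-interface"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
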

Hi,

Thanks for the suggestion.
