I'm in the process of migrating our Concentrator to our new ASA 5520s. The Concentrator was used purely for VPN Client connections and I've got the easy ones out of the way. However, I cannot, for whatever reason, get internet access through our corporate network when I have profiles with full tunneling.
I've included the config file, with lots of public IP information and site to site tunnels omitted. I've left all the pertinent stuff about the group-policies and tunnel-groups that concern VPN client connectivity. The address range I'm using for the VPN clients is 172.16.254.0/24. The group I'm trying to get internet access working with is "adsmgt" and the full tunnel part to our entire network is fine.
As always, any help is appreciated. Thank you!
"Huseyin..good to see you back bud"
Thanks m8, good to see you too. Nice badge btw :). Having some trouble with AAA and CSACS, opened some questions but none has a response.
Any comments appreciated m8.
"may need U-turn for that internet outbound traffic,a same-security-traffic permit intra-interface statement should be able to do it"
Well this is right on the spot!, I totally missed it. I assume you wont need the "tunneled" option.
Huseyin..good to see you back bud.., yes try those sugesstiong from Huseyin..if they checked to be ok we'll try different approach..
Im thinking too, because is full tunnel (no split ) Jim's ASA may need U-turn for that internet outbound traffic,a same-security-traffic permit intra-interface statement should be able to do it.. but Jim first try Huseyin suggestions.