Internet Access Through VPN

Unanswered Question
Jul 2nd, 2008

My end users connect to our ASA 5510 using the Cisco VPN client for an IPSec connection. Due to security policies, we do not allow split-tunneling. My end users still require Internet access for their work. How do I route Internet traffic through the VPN tunnel and out our Corporate Gateway?


Thanks,

Ken

JORGE RODRIGUEZ Wed, 07/02/2008 - 14:02

Ken,


You need:


same-security-traffic permit intra-interface

nat (outside) 1


And a rule allowing www outbound access for the VPN pool network.



This is for a full tunnel RA scenario, and this is assuming your outbound Internet gateway is your ASA 5510 outside interface.


Rgds

-Jorge
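The hairpin setup from the reply above, written out as an added example; it is not part of the original thread or Ken's configuration. It uses the pre-8.3 NAT syntax that matches the `nat (outside) 1` form in the post. The pool 192.168.100.0/24 and the group-policy name RA-FULL-TUNNEL are constructed placeholders, and the outbound rule for the VPN pool that the reply mentions is not shown.

```text
! Added example, ASA 7.x/8.0-8.2 (pre-8.3 NAT syntax).
! 192.168.100.0/24 is a constructed VPN pool; RA-FULL-TUNNEL is a
! hypothetical group-policy name. Substitute your own values.

! Send all client traffic into the tunnel (no split tunneling).
group-policy RA-FULL-TUNNEL attributes
 split-tunnel-policy tunnelall

! Allow traffic to enter and leave the same interface (hairpin),
! since VPN clients arrive on outside and Internet traffic exits outside.
same-security-traffic permit intra-interface

! Translate the VPN pool when it is sourced from the outside interface...
nat (outside) 1 192.168.100.0 255.255.255.0

! ...to the outside interface address (PAT), same NAT ID as above.
global (outside) 1 interface
```

After a client connects, `show xlate` should list translations for pool addresses; if it does not, the pool in the `nat (outside)` statement does not match the addresses actually assigned to clients.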


tohoken Wed, 07/02/2008 - 15:32

Jorge,


Thanks for the information. Our ASA is not our outbound Internet gateway. We use another firewall product for our outbound traffic. The ASA is strictly for VPN terminations at the moment. How would I set it up to use a different gateway?

JORGE RODRIGUEZ Wed, 07/02/2008 - 19:11

Ken,


What is the firewall's current default route pointing to? Is it pointing towards that other Internet gateway, or do you have two Internet gateways? If you do have two Internet gateways, you would probably need policy-based routing, which the firewall currently does not yet support. But if the default route points to the other firewall as its default route, I believe it would be possible to do it.


Could you post a sanitized ASA config? Strip out public IP information, if any.



Rgds

-Jorge


