Internet Access Through VPN

tohoken
Level 1

My end users connect to our ASA 5510 using the Cisco VPN client for an IPSec connection. Due to security policies, we do not allow split-tunneling. My end users still require Internet access for their work. How do I route Internet traffic through the VPN tunnel and out our Corporate Gateway?

Thanks,

Ken

3 Replies

JORGE RODRIGUEZ
Level 10

Ken,

You need

same-security-traffic permit intra-interface

nat (outside) 1

and a rule allowing www outbound access for the VPN pool network.

This is for a full-tunnel RA scenario, and it assumes your outbound internet gateway is your ASA 5510 outside interface.

Rgds

-Jorge

Jorge Rodriguez
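
An added example, not part of the original thread and not Cisco tooling: a small Python audit that checks a saved ASA configuration for the full-tunnel pieces named in the reply above (intra-interface permit, outside NAT covering the VPN pool, split tunneling left off). It assumes ASA 8.2-era `nat`/`global` syntax with the ASA outside interface as the internet gateway; the pool name, group-policy name and addresses in the sample are constructed, and the outbound www access rule is not checked.

```python
import ipaddress
import re

# Constructed sample (ASA 8.2-era syntax); names and addresses are made up.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 10.99.0.10-10.99.0.250 mask 255.255.255.0
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1 10.99.0.0 255.255.255.0
group-policy RA-FULL attributes
 split-tunnel-policy tunnelall
"""

def audit_full_tunnel(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # 1. Hairpinning: VPN traffic enters and leaves on the same interface.
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing: same-security-traffic permit intra-interface")
    # 2. Each VPN pool must sit inside a 'nat (outside) <id>' network that
    #    has a matching 'global (outside) <id>' to translate to.
    global_ids = {m.group(1) for l in lines
                  if (m := re.match(r"global \(outside\) (\d+) ", l))}
    nat_nets = []
    for l in lines:
        m = re.match(r"nat \(outside\) (\d+) ([\d.]+) ([\d.]+)", l)
        if m and m.group(1) in global_ids:
            net = f"{m.group(2)}/{m.group(3)}"
            nat_nets.append(ipaddress.ip_network(net, strict=False))
    for l in lines:
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", l)
        if not m:
            continue
        first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
        if not any(first in n and last in n for n in nat_nets):
            findings.append(f"pool {m.group(1)} is not translated on outside")
    # 3. Split tunneling must stay off (tunnelall is also the default).
    for l in lines:
        m = re.match(r"split-tunnel-policy (\S+)", l)
        if m and m.group(1) != "tunnelall":
            findings.append(f"split tunneling enabled: {l}")
    return findings

if __name__ == "__main__":
    print(audit_full_tunnel(SAMPLE_CONFIG) or "all full-tunnel checks passed")
```
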

Jorge,

Thanks for the information. Our ASA is not our outbound Internet gateway. We use another firewall product for our outbound traffic. The ASA is strictly for VPN terminations at the moment. How would I set it up to use a different gateway?

Ken,

What is the firewall's current default route pointing to? Is it pointing towards that other internet gateway, or do you have two internet gateways? If you do have two internet gateways, you would probably need policy-based routing, which the firewall currently does not yet support. But if the default route points to the other firewall as its default route, I believe it would be possible to do it.

Could you post a sanitized ASA config? Strip out public IP information, if any.

Rgds

-Jorge

Jorge Rodriguez