07-02-2008 01:10 PM - edited 02-21-2020 03:48 PM
My end users connect to our ASA 5510 using the Cisco VPN client for an IPSec connection. Due to security policies, we do not allow split-tunneling. My end users still require Internet access for their work. How do I route Internet traffic through the VPN tunnel and out our Corporate Gateway?
Thanks,
Ken
07-02-2008 02:02 PM
Ken,
You need
same-security-traffic permit intra-interface
nat (outside) 1
and a rule allowing www outbound access for the VPN pool network.
This is for a full-tunnel RA scenario, and this is assuming your outbound Internet gateway is your ASA 5510 outside interface.
Rgds
-Jorge
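The full-tunnel hairpin setup described in the reply above, written out as an added example (not configuration from the thread). It uses pre-8.3 ASA NAT syntax; the pool name, group-policy name and the 192.168.50.0/24 pool are constructed placeholders, and it assumes, as the reply does, that the ASA outside interface is the Internet gateway.

```text
! Constructed example: VPNPOOL, RA-POLICY and 192.168.50.0/24 are placeholders.

! Address pool handed to remote-access clients
ip local pool VPNPOOL 192.168.50.1-192.168.50.254 mask 255.255.255.0

! Send all client traffic into the tunnel (no split tunneling)
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelall

! Let decrypted client traffic leave through the same interface it arrived on
same-security-traffic permit intra-interface

! PAT the pool to the outside interface address on the way back out
nat (outside) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface

! The rule limiting which outbound services the pool may reach is left out
! because it depends on local policy.
```

After a client connects, `show xlate` should list translations for pool addresses on the outside interface.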
07-02-2008 03:32 PM
Jorge,
Thanks for the information. Our ASA is not our outbound Internet gateway. We use another firewall product for our outbound traffic. The ASA is strictly for VPN terminations at the moment. How would I set it up to use a different gateway?
07-02-2008 07:11 PM
Ken,
What is the firewall's current default route pointing to? Is it pointing towards that other Internet gateway, or do you have two Internet gateways? If you do have two Internet gateways, you would probably need policy-based routing, which the firewall currently does not yet support. But if the default route points to the other firewall, I believe it would be possible to do it.
Could you post a sanitized ASA config? Strip out public IP information, if any.
Rgds
-Jorge